Arkwright Community Legend ✭✭✭✭✭
Comments
-
Where are you in relation to the firewall? If you are managing it from the LAN then you should not lose management access if any WAN is down. If you are managing it from the WAN, then you will lose management access via any WAN that is down. You will only be able to manage it via the WAN which is up. F&LB cannot fix that!
-
But more and more sites do a cross-check, where the remote site 'asks' the browser what certificate information it has received. I had a suspicion that something like this might be happening, performed by some WAF. Two customers reported issues with two different sites that randomly return 404 on different page elements [we…
-
I suggest you test this whilst watching the state of the LB status/Target columns for each interface.
-
Can you use both WANs simultaneously in normal operation [ratio mode]? Do you have logical probing configured?
-
I just think this is a very misunderstood setting with SW's. Evidently :) So it's my understanding unless you install the certificates on all the workstations and/or servers DPI is doing absolutely nothing and eating up your ISP speed and firewall CPU. If you enable DPI-SSL on traffic for clients that don't trust your cert,…
-
My question is this: Why not just connect each different WiFi network (Guest vs Business) to a different physical interface? If you need the capacity, or don't have managed switches [and separate APs for guest and business…..we're getting a bit implausible here], then use separate physical interfaces. If you have managed…
-
I think that port scan detection detects port scans whether your firewall would have allowed the traffic or not, so having a rule makes no difference. Additionally, I have a suspicion that some innocuous patterns of traffic will trigger the detection; imagine a scenario where clients open multiple connections to a web…
-
You need to raise a customer service request. You cannot transfer it yourself.
-
I know nothing about Checkpoint. The only sensible default is to use the local and remote address as each IKE ID.
-
Is this connection subject to DPI-SSL?
-
You cannot not have an IKE ID. So I assume that means they're not setting them manually, and that's why it doesn't work.
-
Check your IKE ID. You will need to set them manually because you're using NAT. As to why it says Active, that's a Checkpoint question. Perhaps "Active" just means "Not disabled".
-
AFAIK the speed setting on an interface is not a limit, it's just telling the firewall how much bandwidth is available. If you want to set limits then you create access rules referring to bandwidth objects - those are what have the limits. So if you want to limit offsite backups to 100Mbps then create a bandwidth object…
-
Is SSL-VPN enabled on WAN zone? Is the port 4443? The default is 4433.
-
If it was standalone you could use Portshield [=use switch chip in firewall as a switch] and plug everything into it. But Portshield mode is disabled in HA mode. I think there is a /diag.html option to enable Portshield in HA mode, but it's at your own risk.