BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
Hi @djhurt1 I agree it is confusing to mention 127.0.0.1 as a potential infected endpoint. It bugs me from a technical point of view, but in the meantime it's my indicator if a Cature ATP message from MSW was generated because of a hit on the Firewall or on the ESA. I told my customers if it's from 127.0.0.1 you're good,…
-
Thanks @David W ... 10.0.10 will be a **** of a release then ... fixing my OpenLDAP (On-Premise) issue after 9+ Months and this thing here. SPF still broken, but we cannot have it all. --Michael@BWC
-
@ThK you called it and now the curse got to me as well. I checked earlier today and it was set to "Reject invalid addresses" and now it's "Process all Messages the same". This is messed up and we are not alone with this ****, another user in here complained about the same. --Michael@BWC
-
Hi @Darshil if I get you right you're looking for the established HTTPS connections, which be either shown by Investigate -> Logs -> Connection Logs and search for 443. The DPI-SSL on Manage -> Security Configuration -> Decryption Services -> DPI-SSL/TLS Clients shows you some additional values about the inspected SSL…
-
Hi @David W one statement of yours got me thinking and a bit concerned. There is a setting of 30 minutes for a timeout so that if we have no response by that time they are released. Does this really mean if HES is not able to get it's job done in 30 Minutes potential dangerous files are getting through without a Capture…
-
Hi @SteveBottoms did you tried to create a AD Group called something liike "SSLVPN Access" and have this group being a member of "SSLVPN Services". If no other Group or User belongs to "SSLVPN Services" you should have total control via AD over NetExtender Access. I'am having deployments with several AD groups controlling…
-
Hi all, if anyone is facing this issue (which is probably coming back until fixed) this did the trick, shout out to the Support Team: Login using SSH Use Root/admin password Execute the commands : policyinfo /etc/init.d/policyserver restart policyinfo --Michael@BWC
-
Hi @zuifon do you have Tunnel All Mode enabled in your SSLVPN Device Profile, then that's the reason. If you can disable Tunnel All only configured Networks will be routed into your VPN. --Michael@BWC
-
Hi @djhurt1 if you need something in your Junk Box real quick, I would take the Filter approach. Just send an e-Mail from your private account for example and have it store in Junk. --Michael@BWC
-
Hi @djhurt1 setting the summary URL will not interfere with your hostname (HELO) whatsoever :) --Michael@BWC
-
Hi @djhurt1 I checked real quick for you and the port is indeed part of the URL in the Summary Report. Was just in time for the hourly report :) --Michael@BWC
-
Hi @djhurt1 if you put let's say https://mail.mydomain.tld:1443 in the mail summary as url you have to have a NAT rule and two access rules NAT Rule ANY -> Original, X1 IP -> ESA, Port 1443 -> HTTPS, ANY IF inbound/outbound Access Rules WAN -> DMZ, ANY, X1 IP, Port 1443 LAN -> DMZ, ANY, X1 IP, Port 1443 As long as your URL…
-
Hi @RobW it may sound odd, but did you cleared the cache of your Browser or tried a different one? It happens to me sometimes too, usually if I check the Browser Developer Tools it throws a bunch of Exceptions as well. --Michael@BWC
-
Hi @djhurt1 if your users don't need to access the Junkbox from the public Internet then no additional Rules are necessary. My rule of thumb, every services that is not exposed to the outside is one less hazzle. Otherwise as mentioned by @Saravanan on Manage -> System Setup -> Junk Box -> Summary Notifications you can…
-
Hi @djhurt1 you should only forward SMTP to your E-Mail Appliance, that's all what needed. Except you wanna grant HTTPS for accessing the Junkbox from the outside? In that case you should use a different port for that to avoid conflict with your OWA. --Michael@BWC