BWC

Cybersecurity Overlord ✭✭✭

Comments

  • Hi @SonicAdmin80 I guess we have to guess, none of my questions on page #1 were answered. Rumor says that it's even vulnerable without authentication, which would render MFA useless. As @Xronos explained any portal is vulnerable, which would answer at least one of my questions :) GeoIP before the SMA would be my preferred…
  • Wow, this thread is dead. Any opinion on that? --Michael@BWC
  • Hi all, the reason seems not to be related to GeoIP blocking it all. The geoBotD.log in the TSR reveals that the Disk storage gets filled up. Mon Feb 1 17:32:18 2021 Error Message: Geo log receiver: failed to write log message, reason : No space left on device. It's 20 GB Disk assigned to the SMA, which is the default for…
  • Hi @Xronos I'm running 10.2.0.3 as well and before the Factory Reset I did not experience this odd behavior. I'll have to grab a TSR when the problem occurs again. I downloaded a TSR after reboot and log files showing some weird timestamp with date of tomorrow before jumping back to today, like in temp.db.log [Tue Feb 2…
  • Hi, well the countercheck by removing the United States of America from GeoIP blocklist did not make any difference. After around 9 hours of runtime the Protection Status switched from Active (online) to Active (Offline mode), it was around the same time local logging to the Appliance stopped working. The syslog still shows…
  • Hi @Micah what's the definition of "shortly" because I don't wanna be seen as pushy :) And while you're on it, any progress on some SNMP development for ESA and SMA as well? Especially License monitoring via SNMP would be great to have. --Michael@BWC
  • And around 14 hours later, local Log does not show new entries any more, Syslog still good though. Anyone had this issue and got it resolved? Since factory resetting my SMA 500v it acts weird. --Michael@BWC
  • Hi @Simon @KaranM @DerekYu @Chris @Micah because MFA got some more attention in the recent days, what about the above? Never got any feedback which is unfortunate because /spog gets forced so hard and users have to adjust the URL manually because there is no switch from contemporary to classic mode. --Michael@BWC
  • Hi @Halon5 happy 7 Day Anniversary of the "SMA, you good?" hanging over us as a dark cloud. But it seems if there is no evidence of a 0day at this moment we can take a breath. But SonicWall did not address the other elephant in the room. Recently, SonicWall identified a coordinated attack on its internal systems by…
  • It seems a reboot of the appliance got this fixed, local Log and Syslog is now in sync for new events. --Michael@BWC
  • Hi @sgadmins correct, I'm more of a Linux guy, but NPS can be extended with OTP. UPDATE: It was SSL-VPN which had the trouble with the Radius Challenge/Response, confused it with GVC above. --Michael@BWC
  • Hi @sgadmins depending on your Radius Server Implementation you can do all the OTP Part in the Radius Authentication Protocol. In my experience Challenge/Response did not work at least until 6.5.4.x for GVC. It could be accomplished when Radius supports password+otp single step instead of multi step. I'm not familiar with…
  • Hi guys, whenever you face the original issue of this thread: "After every reboot the setting at Device/Settings/Administration "Failed login attempts before lockout" get reset to a value of 0 which block the ability to save appliance settings." It is (again) under investigation as JIRA Gen7-11866, that's what Support reported…
    in SonicOS 7.0 Comment by BWC January 2021
  • Hi @Paco not 100% sure on that, but wasn't it always the case that authenticated connections from the same Source IP address to the firewall always exclude each other and the latest one wins? For that reason I assume you're having these results. Never had to deal with this in a GVC scenario but saw that for authentication in…
  • Hi @Ehsan the DataSheet lists 250 for the TZ 370. --Michael@BWC
    in TZ370 Comment by BWC January 2021