BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
Hi all, just for the peace of mind, can someone of SNWL confirm or deny any impact, I would like to answer customer requests with a backed Vendor statement? --Michael@BWC
-
The MAC address cannot be found in the ARP table because my uneducated guess is that the ARP resolution cannot work if the packet gets dropped before that, but what do I know. --Michael@BWC
-
So in other words, I cannot figure out on which interface this miraculously generated packet entered the firewall? Hmm, OK. --Michael@BWC
-
Hi @DMoody007 time took it's toll and I was not 100% correct. You have to put the destinations in the VPN Access tab of the user/group. Just have a look at the screenshot, I recreated the scenario for you on my TZ 400 at home. My SSLVPN Clients Network (SSLVPN_N) will not be able to access the LAN (N_CLIENTS), except for…
-
Hi @Louie well, I might be recognized as some kind of critic for the contemporary design so I can feel you. You cannot change the default design, your users will be greeted in orange, which is a very unflattering skin color by the way. Sometimes there is a possibilty to switch to classic mode, but sometimes the option is…
-
Hi @Saravanan well yeah of course this VLAN is not configured on any of the interfaces, that's why I was looking into this for the first place. But the packet is not falling from the sky, it must be received on one (or more) interfaces and this is what usually the Ingress Interface shows. Simple question: What means *(i)…
-
Hi @DMoody007 you can't assign static IP addresses for the SSL-VPN connection on your Firewall, but you can restrict your SSLVPN -> LAN rules to specific users. I did this a while ago, can't remember exactly but I guess I left the SSLVPN access for the user empty and created a custom access rule bound to that user. Just…
-
Hi @Joakim ssh into your NSA and fire up this command, it'll do the trick: show access-rules statistics custom If you get annoyed by the pagination just call: no cli pager session no cli pager default Hope this is what you're looking for --Michael@BWC
-
Hi @preconstruct AFAIK there is no way to hide the Domain on a Firewall SSL-VPN, only on SMA (see your mentioned KB-article). --Michael@BWC
-
Hi @Charlie_L235 thanks for the update, will keep this in mind whenever facing it. Stay safe. --Michael@BWC
-
Hi @SEBASTIAN I'am getting the same message you mentioned on several customer machines while accessing via WAN interface. It seems somehow browser related. Usually Firefox is the best way to go. When this happens usually a 2nd tab got created in the browser, I just hit Refresh (F5) in this 2nd tab and login again, never…
-
Hi guys, thanks for chime in into this messy situation. If I get you right you don't see any relation to these "chain" messages. @Simon 10.2.0.2, still waiting for the OK to upgrade to 10.2.0.3 from the customer, because of the update messages for the SMAConnectAgent, which raises confussion to the endusers. As mentioned…
-
Hi @Charlie_L235 where did you tried to download them? I checked with my VirtualOffice and can download them without hassle. I've tried both classic and contemporary mode. Running 10.2.0.3 on VMware, maybe (but shouldn't) it is different on Hyper-V? --Michael@BWC
-
Hi @SonicAdmin80 AFAIK kext support in general got a grace period and is still working in macOS Big Sur, not sure how practible it'll be and definitly not the way to go. But S1 is working on it, didn't gave the beta a try though, don't have enough machines to mess with. Because other vendors reported missing macOS Big Sur…
-
Hi @Enzino78 OWA and Active-Sync can be easily deployed with Application Offloading on your SMA, we're talking 100 series (hinted by the Virtual Office)? About the MFA, you'll need probably two virtual hosts or at least two domains because OTP is triggered via Domain if we're talking about the SNWL provided OTP? For OWA…