BWC Cybersecurity Overlord ✭✭✭
Comments
-
Hi @Prabath you probably can accomplish this with static ARP entries + a subnet route, IMHO the one and only way to assign additional addresses to an interface. But I'm not a big fan of having multiple subnets in the same collision domain, therefore I would prefer to separate the subnets by defining VLANs, they all can…
-
While 3.1.1 is on the horizon and will be released in the next days, Support is still struggling to give me an answer for over a week now how to safely remove the uninstallable CaptureClient from my system. The Backend Team is more of a Slowend Team on this one I can tell. --Michael@BWC
-
Hi @Gailand, I'm somewhat optimistic that it is fixed in 10.0.7? Since installing the latest release I cannot see any segfaults, but we are only 8 hours in, keep my fingers crossed. --Michael@BWC
-
Hi all, I checked again, and it seems that with 10.0.7 a syslog record will be created for every successfully processed mail, this is fine, but I'm more interested in the problematic cases, like wrong protocol, wrong addresses etc. --Michael@BWC
-
While checking for segfaults in the messages log, I've found this entry for syslog-ng (a syslog daemon). Which shows that my own remote syslog server is accepted, but not used? Jul 20 17:20:32 esa syslog-ng[965]: Log statistics; processed='source(src)=7257', processed='destination(console_all)=0',…
-
Still no syslog in 10.0.7 if anyone wonders. --Michael@BWC
-
Hi @Halon5 oh this magic back-end team with all their wisdom, we'll see what they know about syslog. The back-end end for CaptureClient was giving me another task to scratch a CC (which went rogue) from my endpoint. Thanks for checking, would be nice to have it working as it is supposed to do. --Michael@BWC
-
Well, things are getting spicy, the CC isn't uninstallable, either manually from the terminal or via CSC. The config.db sqlite database seems to be corrupt which causes the uninstall trouble. Hopefully the support team steps up a bit, because the pace of resolving this isn't going to break any records, if you get my drift.…
-
Hi all, end of story, support recommended to uninstall the client, because I can't do this from the management console I have to do it manually on the endpoint itself. No big cake in my scenario, but nothing I wanna face at a customer deployment. UPDATE: uninstallation does not go smoothly, AuthorizationPassword is not…
-
Hi all, short update, after 3 days (Jun 16th) the W2K12 server magically decided to use the latest policy (last modified Jun 13th). I've heard of viruses which disappear magically someday, but this also counts for Capture Clients updates as well it seems. 07/16/2020 05:57:44 PM ses[2200:4496]…
-
Hi @Saravanan why should I change the MTU if disabling Block until verdict makes the Download work just fine? The MTUs are perfectly fine and no fragmentation needed. I'm running 6.5.4.6 on that machine, customer did not complain about other downloads, but these are mostly HTTPS and we disabled DPI-SSL. The message in…
-
Hi @Dantell is DPI-SSL enabled? Did you check for any connection failures? You're running 6.5.4.6 on that appliance? --Michael@BWC
-
Thanks, wasn't planning to put that burden on you. Was looking for a simple answer like "You're doing it wrong", but it seems it isn't working out of the box. --Michael@BWC
-
Apologies but I need to bring this up again, anyone using syslog enabled on the ESA? --Michael@BWC
-
Hi, partly my fault, I did not realize the IP addresses are different between the LAN subnets. Two subnets on two interfaces (X0, X3) are part of the LAN Zone, Interface trust is enabled. I was running a ping from subnet A to subnet B monitoring addresses, this is only working for the primary (currently active) address,…


























