BWC Cybersecurity Overlord ✭✭✭
-
UPDATE: This is also valid for Hosted Email Security.
-
Hi @Darshil I'm not a friend of auto-generated rules as well, first thing I do when configuring a new appliance is disabling all of the "Auto-generate Access Rules to allow traffic between" options in every zone under Network -> Zones. This is taking care of a bunch of rules. Just my €.02, maybe does not fit for everyone.…
-
Hi all, I solved the puzzle, it's because of the comma in the service name, the resulting JSON gets interpreted in a wrong way and the timestamp (I guess) is used as the bandwidth value. This needs to get addressed, probably by setting the service name in quotes or not having comma as delimiter. The browser requests the…
-
Don't you dare to sign me out :) ... I would rather go for no idle timeout, if this works with the SSO and stuff. --Michael@BWC
-
On more thought, can it be because of the Service Object Name I chose? Do additional commas in the Service name cause trouble? I'll have to do further checking, but "Eye-On-Health (tcp, 1000-65535)" is on the top of my Application list most of the time, followed by some other custom Service names containing a comma.…
-
Hi @MasterRoshi I think the whole calculation seems to be messed up, I was thinking of a locale issue (decimal point versus comma)? Even setting the y-axis to a fixed value still shows these abnormous values. BTW, it would be great if "All Interfaces Rates" would include VLAN interfaces as well when selecting Ingress/Egress…
-
Hi @shiprasahu93 you shouldn't have used 3389 to give the BlueKeep dilemma a boost ... hahaha just kidding. One thing I might add to port translation is the topic of Hairpin-NAT or Loopback-NAT, which is needed when you wanna connect from inside (LAN) to your WAN address driven services, usually done by their domain name…
-
Hi @Halon5 disabling DPI seems to be the last resort, but I'm under the same impression that perimeter security (or should I say inspection) is getting more and more less important or losing its grip, because most threats can be handled only on the endpoint anyways. I actually don't like that route, but I guess starting…
-
Hi @shiprasahu93 thanks for checking, now we are getting in an area where the community pays off :) --Michael@BWC
-
Hi @shiprasahu93 thanks, this was some great information to do more research on that. I wasn't even checking for a newer version, but is there a possibility that sometimes in Gen6 the arp cache was made available via SNMP? I'm able to gather the information via IP-MIB::ipNetToMediaPhysAddress.<ifIndex> - something even…
-
Hi @Halon5 I tried this sometimes before, but the screenshots are from my TZ 400 at home, where there is no traffic at all across all interfaces. The interfaces are not selectable in the Applications graph, the Bandwidth on the interfaces is looking fine. So where does the Application Gbps traffic come from, if not from the…
-
I did some more digging. Having the Security Services set to "Performance Optimized" will boost the download speed from around 60 to 92 Mbps and CPU consumption on Core 2-4 from freaking 100 % down to around 60-70 %. But the upload is still bad, from the possible 35 Mbps only around 20-22 Mbps are left with DPI-SSL…
-
Hi @SuroopMC I'm also testing "native" SentinelOne at the moment, it's their approach to do it. SOPHOS for example provides an AD Directory Sync service which is installed locally and transfers the AD information to the cloud backend, don't know if this works with Azure AD which you mentioned. One customer told me he…
-
Hi @fmadia will do further testing on other appliances as well. Rule of thumb in the past for me was, Datasheet values divided by the number of cores the appliance is having. In my case I don't think that multiple flows will squeeze more out of the already 100% occupied cores 2-4 (not just one) when doing the speedtest.…
-
Hi @Peterbob9 check my tests, running on a TZ 400 as well, do your results differ? --Michael@BWC