BWC

@CRISL I would go for bug, because it does not make sense to unhide the Domains by just cranking up Mobile Connect. But on the other hand it says "Hide Domain list on portal login page" so maybe the developer just did only this :) Excerpt from the Admin Guide "By hiding the domain name, this makes it more difficult for a…

in How To Hide The List Of Available Domains From The Virtual Office Portal Comment by BWC June 2024

@callidus I'am not aware of a viable built-in solution. —Michael@BWC

in Streching vlans Comment by BWC June 2024

@dfait this scenario asks for pinhole (loopback) NAT. You might search the forum for that, because it got answered a few times. Short story: NAT external IP to internal IP (like you already did) but without specifying any interfaces. Then create an Access Rule for LAN-to-LAN, Source ANY and Destination X1 IP (or whatever…

in Direct a domain name to local IP address? Comment by BWC June 2024

@callidus hopefully that isn't something you need long-term, but I have deployments with Mikrotik Routers installed on each side behind the SNWL and providing an EoIP (Ether-over-IP) tunnel for all needed VLANs. It's a working solution, but I prefer collision free IP addresses on each side. —Michael@BWC

in Streching vlans Comment by BWC June 2024

@FEDEL did you listed all (custom & default) rules for LAN to WAN and made sure that your deny rule is really where it meant to be? Usually I disable all automatic rules in the zone configuration which means an implicit drop for not explicitely allowed traffic. You also should check LAN to ANY, just in case. —Michael@BWC

in Nsa 3650 and access rules Comment by BWC May 2024

@DesertSweeper ist there Double NAT involved in this scenario? I'am facing this issue a lot when there is a router in front of the SNWL. I never had the chance to figure out the final reason for that. Sometimes it helps to restart one side, but not always. —Michael@BWC

in The lights are on but no one is at home SITE-SITE VPN Comment by BWC May 2024

@Angel_Georgiev this setup will work but keep in mind the PPPoE link will go down in case of the failover and needs to be connected again. This may take a few seconds/minutes. Dial-Up in HA isn't a joy, even in stateful scenarios. Best option would be a router in front of the SNWL, but this would introduce double NAT with…

in Set up PPPOE line as a failover in HA setup Comment by BWC May 2024

Release Notes finally got published. —Michael@BWC

in April, 18, 2024 Hotfix notes? Comment by BWC May 2024

@radiman subnet will collide with your other locations, because it'll make an ARP request when it's in your subnet boundaries. It will not even try to route it over your VPN, except all endpoints getting an explicit route, but that's not really good. Best option would be a renumbering of 10.15.23.0/24 to something more…

in Subnet possible overlap for S2S VPN setup Comment by BWC May 2024

@ChristianK if the medical device is in the 172.17.1.x range, like the backup server was before, NAT gets a little bit tricky because it does not answer any ARP requests and does not handle half open connections. If this is the case you need additional steps to make it work until the technician can alter the address.…

in NAT or LB on NSA3700 Comment by BWC May 2024

@dp8 I changed the TimeZone on a Gen6 with 6.5.4.14 to India and the syslog reflects the change. The first timestamp (CEST) is added by my syslog but the time= value comes from the Firewall. <local0.info>2024-05-15T06:43:28.946338+02:00 shield.bwc.internal id=shield sn=xxxxxxxxx time="2024-05-15 10:13:28"…