BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
- 
                @XChangingIT how does the configuration of the port at your network switch looks like where the X2 interface is connected to? If you need to assign a Zone/Subnet to the untagged portion of the Interface I assume the switch isn't configured correctly or your APs end up in that zone, which might be something you don't want.…
- 
                @XChangingIT if you need to create tagged VLAN Interfaces it's described over here: If you leave the physical Interface Unassigned (not selecting any Zone) there will be no additional network (untagged VLAN). --Michael@BWC
- 
                @MartinMP I updated a TZ 670 a minute ago and I did not experienced the "Device registration needed". I updated with the current configuration, no factory reset. Was it fixed by a reboot or did you had to reenable (register) the trust with the backend? --Michael@BWC
- 
                @Simon_Weel DNS on the Firewall is just a resolver (proxy) not an authoritative DNS, therefore it cannot be used as a slave. --Michael@BWC
- 
                @lowrider no, it's really First match only. Please check the Admin Guide, on Page 97 there is a detailed description how CFS works. About the group membership, is it possible that one of the groups the user is a member of, is a member of block porn group by itself? This would mean that nested groups are possible. Or did…
- 
                @lowrider yes, First-Match means exactly that, combining Policies is not possible. Are you sure that the block is caused by the block policy for block porn? It might get triggered by the Default Policy if left enabled. --Michael@BWC
- 
                @lowrider CFS Policy is First-Match, you always have to build a complete Policy. If you block something in 1) it will not be allowed in 2) if a match already happened. I'am not sure about nested groups, IMHO it's not supported, you have to check at Monitor -> User Sessions -> Active Users and hover over the bubble to see…
- 
                @IT_Will_be_Fun great that you figured that out, the devil is always in the details. Happy NTPing :) --Michael@BWC
- 
                7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC
- 
                7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC
- 
                7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC
- 
                @IT_Will_be_Fun did you checked the Value section of the packet monitor details? Was it dropped because of an Access Rule or something else? --Michael@BWC
- 
                If you're talking about CASS this might be helpful. --Michael@BWC
- 
                @Ramaswamy you might check this option: On the other hand you could configure SPAM submission addresses and your users forward the mail by themself. --Michael@BWC
- 
                @dbdan22 IMHO for WiFi Calling you only need to open UDP 500 and 4500 to the ePDG of your provider. If you allow ANY you should be golden. Ruckus listed 233.sub-141-207-229.myvzw.com and wo.vzwwo.com in their Profile for Verizon. There are some more information about 911 calls over here: --Michael@BWC
 
             
             
    

























