BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@nimacom are you sure that 172.20.102.2 is part of your SSLVPN subnet and not any IPsec VPN? The "SA not found" confuses me in that context. --Michael@BWC
-
@MSPitGuy you're right, Auto-Update does not seem to be that simple. 10.2.331 does not bother to contact the custom web server for the auto update. When 10.2.330 tries to auto update it asks for NXSetupU-64.exe (which I linked to NXSetupU.exe) but also for NXSetupU.exe.manifest which I could not find in the…
-
@eallen I did some testing, and the full path on your Web Server has to be /applications/netextender/windows/10.2.338/NXSetupU.exe You have to define 10.2.338 on the internal settings page, otherwise the appliance is requesting an older version. Or you might create 10.2.331 on the Web Server and put the 10.2.338 exe in it.…
-
@GITS if you're sure that your Access Rules are in order you should start a Packet Monitor capture any tcp/443 from your printer to see if anything gets blocked and if you receive some reply packets from the TA DC. --Michael@BWC
-
@GITS do you have any Security Services and/or DPI-SSL enabled? --Michael@BWC
-
@eallen I did not tested this, but if you define your own SSL VPN Client Download URL in the Server Settings for SSL VPN you might save your auto update. Just make sure to keep this structure at the Web Server: ./README.txt ./netextender ./netextender/linux ./netextender/linux/10.2.845…
-
I updated from 10.2.337 and it now shows 10.2.338, maybe the update from different versions do not work properly. --Michael@BWC
-
+1 for that, but I'am not very hopeful that'll happen, but would love to be proven wrong. --Michael@BWC
-
@Clemens IMHO it's not possible and we have to deal with it manually to battle CVE-2023-6340. Hopefully a new Firmware will be released including 10.2.338, maybe @Community Manager can gather more details? --Michael@BWC
-
@SeymourUAP the Migration tool only supports 7.0.1 at the moment, you can upload the 7.0.1-5145 again to your box and start over with a factory reset. After the migration and restart you could update to 7.1.1 but a couple of users having mixed results with that version. The Firmwares are always downloadable via MySonicWall…
-
@BrunoBastos you should see the SYN Packet as well. It should work if you set the Packet Monitor configuration back to Default and configure it like this: General -> Monitor Filter EtherType: IP IP Type: TCP,UDP Source IP Address: 10.74.52.8 Destination IP Addreess: 186.192.81.5 (if it's the only address you're looking…
-
@Aijaz how are your DMZ hosts trying to access each other, with IP or Name? General Rule is, if you stick in the same subnet the SNWL will not see the traffic and it's a host firewall issue or any other host related configuration which causes the trouble. E.g. ping from 192.168.1.16 to 192.168.1.17 will never be seen by…
-
@Arkwright unnumbered VTI sounds right to me. I never used it for something else besides SNWL-to-SNWL, IIRC there was a Teldat/Bintec which worked too. I'am currently thinking about to have the VTIs numbered, because it gives more options, like binding a Network Probe to it and maybe have some simple VPN monitoring because…
-
@mimiz you have to switch to configuration mode first, simply by calling the configure command. When you're in configure mode you can call the commands of your liking. After finishing your configuration you need to call the commit command, other wise they'll not active. Maybe it's time to have a peek in the ECLI…
-
@LarrySchwenk I guess there is no 3rd party solution for this, @Sliderhome struggled with it a while back and I did not heard anything about a happy ending using non SNWL SFPs. --Michael@BWC