BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@djhurt1 I think it does not do any harm to have this option enabled just for the time getting rid of the unwanted rules and disable it afterwards. There are only a few options on the internal settings page I'am comfortable with changing by myself because of the lack of documentation. --Michael@BWC
-
@Twizz728 the Aruba Switch is sending out these packets for a specific reason (Aruba knows best), the SNWL catches it on X6 and complains it cannot handle it. IMHO this is nothing to worry about, it probably gets to the SNWL on every port that is connected to that Aruba switch. Your Packet Monitor configuration is not…
-
@djhurt1 is this an internal (default) Address Group. Did you enabled "Enable the ability to remove and fully edit auto-added access rules" on the internal settings page? This should give you the ability to remove these rules. --Michael@BWC
-
The Feisty Duck is quacking about that topic in it's current newsletter. I highly recommend keeping an eye on this water bird, always a great source of information. I guess it'll needs a while until the servers supporting ECH will be ready broadly. --Michael@BWC
-
@IanJ the case with SonicWall should be straigt forward, Mobile Connect for Windows is deprecated and no longer supported since 2022-08-15. You need to have them figure out a way for NetExtender. --Michael@BWC
-
I'am in no position to recommend a partner but maybe if you drop some general information where you're located maybe some of the great members near you can chime in. --Michael@BWC
-
@JackGoldstein you should take advantage of the current promotional trade up which is valid until Dec 31st. Get in touch with a SonicWall partner of your choice. You could go as high as the TZ 670, but this depends on your requirements. --Michael@BWC
-
@AZSNWL there is no ssh access to the SMA 100 series. --Michael@BWC
-
@dcross1977 I can't see any reason why not, as long as the SAs got negotiated it should not make any difference if it's a Barracuda or a SNWL, traffic needs to be managed in the VPN-VPN Access Rules. --Michael@BWC
-
@Q_Mark no worries, it depends what the auditor is complaining about. Is it just because of Port 80, then my solution is the way to go. Is it about the Virtual Office than Prestons way is the right one, if you don't need SSL-VPN at all just disable it on the WAN interfaces. --Michael@BWC
-
@AliPaez117 it's not possible, this is something what I really miss in the underlying SentinelOne Agent and you need a 3rd party tool for granular control, like Drivelock, ManageEngine, Ivanti, etc. You might add some SHA1 Hashes to the Blacklist (not sure if available with CC), but it's not practicable. --Michael@BWC
-
@Q_Mark disable "Add rule to enable redirect from HTTP to HTTPS" on all of your WAN Interfaces and they should not complain any longer about Port 80. I strongly recommend to avoid having this option enabled, which is IMHO the default setting. --Michael@BWC
-
@colporteur I'am not familar with that specific model, but if you hold the reset button for about 10-15 seconds, does the wrench light not come up? The appliance should be in safe mode (192.168.168.168) and can be reset from here. --Michael@BWC
-
@KMBIT DHCP is on UDP Port 67 and 68, can you see any reply traffic from the SNWL on that? You should see VLAN 50 tagged traffic leaving the SNWL. Any traffic dropped here? If you check the DHCP scopes on the SNWL, is the 192.168.50.0/24 range assigned to X0:V50 correctly? --Michael@BWC
-
@pendek244 in that case I would crank up a Packet Monitor and look for UDP on Port 67 and 68. With Wireshark you can check in great detail what is going on. E.g. what DHCP options the Meraki is asking for and what the DHCP is offering. Maybe the Meraki is asking for the same address over and over again and the SNWL is…