BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @JaviSD you can easily check this with a Packet Monitor on the Firewall; if you can see the requested address in the Client Hello as cleartext, it's not encrypted. I tested this with the latest Google Chrome on macOS and the Client Hello had the extension server_name filled with the requested Server Name, no DPI-SSL…
  • Hi @TonyA it was just this one case for any reason, but it stopped after 13 mails, lucky thirteen I guess. --Michael@BWC
  • @damonblank a more specific Address Object used as Source in your Route Policy will result in a higher Priority. Check the Order of priorities in the admin guide for details. But how do you make sure that the PC1 object always fits your dynamically assigned address? Do you plan to use MAC address as type? This object type…
  • @Pischta I guess it's the 50th time this month alone, but here again, the Packet Monitor :) It does not show you the rule/route information, but shows if packets are getting through or not, getting translated or not and moving thru which interfaces. The Connection Monitor holds some information about Routes/Rules.…
    in packet trace Comment by BWC October 2023
  • @Asif_Iqbal if any of the participating devices is setting this TCP flag you might be forced to enable it via Access Rule. I cannot see any negative impact, especially since you limited it with a tight Access Rule restricting it to your APs and the Extreme Cloud Services. I can't recall ever having to set this flag in a rule,…
  • @Asif_Iqbal about the TCP Flag drop, did you check this article? --Michael@BWC
  • @TonyA I had these kinds of drops in the past as well, don't know what AppControl is doing here, no logs no nothing to elaborate. But on the other hand, if DPI is disabled, how can AppControl interfere, shouldn't it be excluded completely? --Michael@BWC
  • @normic AFAIK there is no granular control over the Port Scan Detection, it's either on or off globally (via internal settings). --Michael@BWC
  • @Twizz728 did you really enable the option "Disable DPI" in the Access Rules? --Michael@BWC
  • Is the "broadcast" done via Multicast or Unicast? Did you check with Packet-Monitor what your Endpoint is doing when streaming? --Michael@BWC
  • @Asif_Iqbal the Packet Cache reasons can be safely ignored; the invalid TCP flags are strange. Do you have DPI-SSL activated? Again, no SSO enforced? --Michael@BWC
  • @Asif_Iqbal 41473 is the dynamic source port, safe to ignore. What does the packet detail show for the dropped traffic? I assume no event log entries from a security service subsystem? SSO is not enforced for LAN? --Michael@BWC
  • @Asif_Iqbal like I suggest in many other cases, crank up a Packet-Monitor and filter for the IPs of your APs, this will show you if the Firewall is dropping the traffic. It might be related to DNS, Enforced SSO or anything else, but first things first. --Michael@BWC
  • @Twizz728 as long as the Security Services are activated on WAN it'll be inspected. A separate Zone without the Services will not do the trick, IMHO. You could create an Access Rule from LAN to WAN for that specific address objects, disable DPI for that Rule and you should have the special permissions you need. To not put…
  • @bmastel I've been selling these appliances for many years and the defect rate is really low, even for the new Gen7 devices no hardware failures (knock on wood). These kinds of security devices can only shine paired with the security services (which come with hardware replacement), otherwise you could simply buy a router.…