BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @Suhail_Prkl I know a simple search isn't popular these days, but I guess this covers it in great detail. --Michael@BWC
  • @Niel did you block QUIC (udp/443) in your Access Rules? It might get overlooked by App Control because it cannot handle QUIC. --Michael@BWC
  • @RVicker do you need redundancy for SSL VPN (in which category you posted) or for Site to Site VPN? Multiple DNS names might work for SSL VPN (never tested) but for Site to Site (or Tunnel Interface) it will not, you need to define the connections separately. --Michael@BWC
  • @AmanChanpura you can have multiple WAN interfaces in HA, all you need to do is connect each WAN Interface per ISP to a switch and have it separated in its own collision domain. Switch A (or VLAN 900): Primary X1 + Secondary X1 + ISP CPE; Switch B (or VLAN 901): Primary X2 + Secondary X2 + ISP CPE. Because HA is Active/Standby…
  • I checked against my SMA with SSL-VPN and Wireguard and I was able to log in just fine. The issue seems to appear "only" when connecting to Firewall appliances. --Michael@BWC
  • @furicle what NSA and what Firmware are you currently using? Maybe there is an explanation for that. --Michael@BWC
  • @Gailand to the rescue ... I do not manage deployments with RAs, only All-in-Ones. --Michael@BWC
  • @SonicAdmin80 in the meantime I updated all systems to 10.0.24 without any issues. --Michael@BWC
  • @cyber_monkey the answer to that is still valid: You need an external log storage solution, the little ring buffer on the appliance cannot keep up. --Michael@BWC
  • @AlanE the message you're getting is more of a warning but does not cause any trouble if you're using different IKE IDs and PSKs for each connection. I'm running this scenario on multiple deployments with Tunnel Interface and various WAN interfaces on each side. (2:1, 1:2, 2:2, ...). --Michael@BWC
  • @john4938 I assume you need to make these ports available to the Internet? If this is the case your rules are not correct. NAT should look like this: Source (Original): ANY; Source (Translated): Original; Destination (Original): X6 IP or McLeod API Public; Destination (Translated): McLeod API Private; Service: McLeod API. Your…
  • @Sprinklerman you might create a batch file for that using the CLI. Place it somewhere safe on your system. Please note that your password will be in cleartext in there. --Michael@BWC
  • @JCK it will probably not work because neither the Subnet B Router nor the Printer on Subnet B know how to find your client on Subnet A, unless you configure Subnet B Router to find Subnet A via IP of X2. Hopefully this will not cause any issues because the Router only sees half of the traffic. Other option would be to NAT…
  • @AJPixelbox I'm glad that you found a solution. Which Appliance and Firmware was that, because honestly I can't recall having this problem in all the years. There were other issues of course, but if DHCP was enabled it was working. --Michael@BWC
  • @ToddT this is a pretty basic task, have a look at this KB-article to get familiar with Port Forwarding. This gives you a basic overview how publishing a Port to the Internet works. The additional steps in your case are: create multiple Address Objects for the Vendor IPs; create an Address Group containing all the Vendor IP…