BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @DavidBlake I assume Auvik is getting its data via IPfix/Netflow or Syslog. AGSS includes AppFlow so you should be good to go. --Michael@BWC
  • @ngman1960 did you compare the current situation with the documentation already? According to the KB article, solid light means rebooting, but not forever. I guess you need to get in touch with support or attach a serial console to the unit to see what's going on. --Michael@BWC
  • @ckonrads according to the screenshot you need to use AES-256 (without any suffix), but you might struggle with the DH Group, because 15 is not supported by SNWL. DH Group 5 isn't accepted from the remote side? This would be my best guess, but DTAG should provide information except they wanna sell you a new router. If you…
  • @ckonrads GCM and GCM16 have a different size of the ICV (Integrity Check Value), I guess GCM (without number) has 64-bit ICV and GCM16 has 128-bit ICV. From what I see in your screenshot GCM is the way to go, but to be honest, if GCM does not work, try GCM16 and if this does not work get in touch with DTAG. The system log…
  • @Ajishlal this was definitely a release which haunted me with drops for no reason. A reboot resolved the situation. Both possible solutions are disruptive and a pain for production environments. --Michael@BWC
    in Drop Code: 726 Comment by BWC July 2023
  • @Ajishlal which firmware? I had similar drops before 6.5.4.12. Allowed traffic per rule was blocked for no reason because of a firmware bug. I guess you already checked that the dropped traffic should be allowed by a proper rule. I'm not sure if routing to DropTunnelIf is causing the same Drop Code. --Michael@BWC
    in Drop Code: 726 Comment by BWC July 2023
  • @BasM did you enable the option "Enable NAT option to override MAC address" in your internal settings? https://<yourappliance>:<mgmgport>/sonicui/7/m/diag I never used that option, but publishing the MAC address of an internal device to the WAN port sounds strange to me. Wouldn't that require that the Firewall is…
  • @Purconn in my (current) opinion (time will tell) I believe days are numbered for Security Services at the perimeter and we're going back to Router (with some bells and whistles) and strong Endpoint Security. --Michael@BWC
    in DPI SSl Comment by BWC July 2023
  • @Arkwright HTTP/3 (QUIC) will put a nail in the coffin of DPI-SSL and probably most of the Security Services at the perimeter. I'm not optimistic that it can be addressed properly via proxy. --Michael@BWC
    in DPI SSl Comment by BWC July 2023
  • @mimiz you will not see the SNWL Interfaces in the traceroute until the Option "Decrement IP TTL for forwarded traffic" is enabled in the Firewall Advanced settings on your SNWL Appliances. --Michael@BWC
  • @Paulw DPI-SSL/-SSH is included with your TZ 370 (and any other appliance). --Michael@BWC
  • @Bijukumar that's a bummer, you should get in touch with your Partner Manager or Regional SE for that. If I remember correctly contact details are available in the Secure First Partner Portal. Maybe @Community Manager can escalate as well. --Michael@BWC
  • @CHEOPSken do you mean that endpoints with GVC can only connect from a single country to your TZ 400? The only way is to limit the IKE Access Rule in WAN-to-WAN with a custom GeoIP policy. But this will affect your Site-to-Site Tunnels as well, you might add additional Access Rules for enabling them connecting from other…
  • @Eddie I'm a bit confused, this looks like a standard scenario when LAN is behind a core switch etc., which is a router at the end of the day. You just need a route for 192.168.0.0/24 pointing to gateway 192.168.100.1. Your router needs a default route to 192.168.100.2. That's IMHO it, don't see any reason for more…
  • @mimiz don't put any machines in the "DARKFIBER" Zone, this will not work. They need to be in the LAN (or any other zone) and then it comes down to simple routing and access rules. --Michael@BWC