BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@Doug_Daniel it might be related to Windows RAS API, search for a newer version of this document: --Michael@BWC
-
@duemetri NAT is the only option here if you don't wanna go exotic with EoIP etc. If it's just a single device each I would try to renumber them to a new subnet at each spoke. --Michael@BWC
-
@duemetri it's called Hub and Spoke, this should give you some inspiration: --Michael@BWC
-
@Faysal that's correct, you need to forward all incoming requests from your Router to the Firewall, otherwise it'll not work. You need to do this for any port which should be accessible from the Internet. Just make sure to enable "Let the DDNS provider detect the IP Address." on the Advanced settings tab of the DynDNS, but…
-
@SWBS I checked on an appliance and it's only available in english, was the appliance destined for your local market? There is a localized Firmware version availabe, but I would not assume to get them delivered to non chinese speaking areas. You might SSH into the appliance and do the following configure administation…
-
@Faysal when you enable HTTPS Management on your WAN Interface and have a DynDNS Service enabled for that interface it can be accessed from the Internet. If your SNWL is behind a router it probably needs some form of Port forwarding to the Firewall. If you follow best practice and restrict who can access your Management…
-
@KyleL to establish a baseline here, the traffic seen by your EXS originated from the Firewall is HTTPS (tcp/443) traffic, because it's OWA related, right? The only two reasons which come to my mind possibly causing this are: NAT Rule which hides Source Address (Translated) behind X0 IP Using Server DPI-SSL offloading the…
-
@stevmorr just ignore the KB, -49sv got pulled so the Release Notes for -50sv are current and we just pretend there was never a -49sv. --Michael@BWC
-
@Asif_Iqbal you need to open up the details of your new NSa 4700 (Primary) in MSW and in the lower left corner there is a section with a ToDo list, one of the actions is complete Secure Upgrade. I don't have any unfinished Secure Upgrade in my Account right now, but you'll find it, it's obvious. --Michael@BWC
-
@Asif_Iqbal you should complete the Secure Upgrade process by transferring the old licenses and remaining days over to the new units. --Michael@BWC
-
@Simon_Weel sounds reasonable, you might be able to verify if you do a packet monitor to figure out what the appliance is trying to contact to, but this would be probably only academic and does not resolve the situation. You need to open a ticket for this to have it documented and maybe get a hotfix firmware in advance.…
-
@Redlance if it's an issue which needs to be fixed on Firmware level I would'nt hold my breath for a quick solution and rather install a DDNS client in the LAN to update the DNS record if that is possible. --Michael@BWC
-
@Norsmith to have the Secondary as Licensed as well it needs to be promoted to be active and you probably need to do a license sync. After that you can switch back to the Primary, but the license need to be loaded one time because these are not transferred from the Primary unit automatically. --Michael@BWC
-
@Vijay_Kumar_KV thanks for the information, the KB article does not hold any information about -50sv but I guess I'll stick with the vague "has additional security enhancements along with fixes for false positives." . --Michael@BWC
-
@Asif_Iqbal your upgrade plan looks solid to me. Just make sure that the old units are switched off before the new units get powered up. If you're running some form of NAC you might set the switch ports to ignore, this is sometimes forgotten but the new units come with new MAC addresses which need to be learned by the NAC.…