Comments

• @erickim for how long did you monitored the CPU usage after installing? Because this can happen because of the Full Disk Scan which is initiated after a fresh install. It should go away after a while, depending on the amount of files to be scanned. SentinelOne is usually not using much CPU time and I'am not aware of any…

  in cpu high (after install capture client ) Comment by BWC February 2023
• @Larry a one-click-stop for creating a Technical Support Package including everything needed would be convinient and it would be even better when Support actually looking into the stuff provided. Thankfully no recent support incidents. --Michael@BWC

  in Minor Rant - Obtaining files for support Comment by BWC February 2023
• @Master_Crane I guess it's right to assume that they should have all the same settings, but the Error 53 is IMHO a Windows thing in general not exclusive to SNWL SSO. You could try to switch from NetAPI to WMI (or vice versa), the log entry in the Firewall is from probing via one of these methods. I did not checked the…

  in SSO authentication issues Comment by BWC February 2023
• @Master_Crane did you checked this KB-article? In my experience it's the Windows Firewall most of the time. Also make sure that the Clients are logged into the Windows Domain properly. Directory Connector 4.1.20 got released, but not much changes to the aged 4.1.19. --Michael@BWC

  in SSO authentication issues Comment by BWC February 2023
• @DINESH because this is not a common problem (at least for me) I have the following quetions, which might lead us to a solution. ARP Caches on a specific Interface only or all of them? Interfaces are part of Port Shield or single? What does the Timeout Column indicates, does it stick at Timeout in 10 Minutes? Did you…

  in IP release issue through Firewall Comment by BWC February 2023
• @DINESH you might have put this thread in the wrong forum category, but anyways. The ARP cache has a default timeout of 10 minutes and if there is an IP no longer used you're saying that the ARP entry does not get deleted after 10 minutes? What Appliance and Firmware we're talking about? Does this happen only on a specific…

  in IP release issue through Firewall Comment by BWC February 2023
• @pcit_2023 I see no security benefit in changing client IPs every two days, because your IPs are natted at the gateway anyways. As mentioned before, Windows Clients sending DHCP Option 50 and requesting the same IP over and over again, did you verified what happens when you do a : ipconfig /release ipconfig /renew Is it…

  in Changing of IP every 2 days Comment by BWC February 2023
• @mikenco what you need is known as Tunnel All Mode, check this KB article. This will redirect any Internet Traffic from your homeworkers to your Firewall appliance and from there to the Internet. This is the one size fits all approach, if you need just a few destinations routed you can adapt accordingly. --Michael@BWC

  in VPN users to have same external IP as the Office. Comment by BWC February 2023
• @MustafaA courtesy of @morgan the encoded space (%20) needs to be removed from the link :) --Michael@BWC

  in VPN CLient download link unavailable Comment by BWC February 2023
• @exltec I'am not using CC anymore, but isn't CC on Linux stripped down to the S1 functionality only? This would explain why only S1 status is monitored. Capture Client for Linux does not run any additional processes beyond those required by the SentinelOne engine on Linux endpoints - hence any actions to upgrade the Linux…

  in Anyone uses capture client on Linux Endpoints ? Comment by BWC February 2023
• @Darshil this must have been temporary, because it's working fine over here. UPDATE: I misread your message, Connect Tunnel download is giving the error you mentioned, sorry for not being precise. @MustafaA you might do your magic again and fix the broken download. --Michael@BWC

  in VPN CLient download link unavailable Comment by BWC February 2023
• @Piotr81 check the internal settings for that, there is a setting called "Disable auto-added BGP access rules" which needs to be activated. Maybe "Enable the ability to remove and fully edit auto-added access rules" is helpful here too if you wanna stick with rules and try to disable them. You can access the internal…

  in BGP binding port 179 on all interfaces Comment by BWC February 2023
• @pcit_2023 I assume you're providing IP addresses through DHCP on the Firewall to your LAN clients? You can try to set the Lease Time in the relevant dynamic DHCP scope to 2880 (2 days) and hope that your clients not requesting the old IP over and over again. I believe that Windows clients sending DHCP Option 50 with the…

  in Changing of IP every 2 days Comment by BWC February 2023
• @Terminal_2312 did you tried the MGMT Port with the Default address or 192.168.1.254? If the appliance is not working it might be in safe mode (accessible with 192.168.168.168 on X0 or 192.168.1.254 on MGMT). Serial Console might be helpful as well. You might be facing this issue: I guess it's time to call support to…

  in NSA 2650 System status LEDs Comment by BWC February 2023
• @Terminal_2312 I would say that it is blinking slow ... how about my questions? Is the appliance working as expected? Is it a HA deployment, if HA it might be the heartbeat shown on the standby unit? I checked with a running NSa 2650 and the wrench is off. If there is nothing obvious in the log which explains some kind of…

  in NSA 2650 System status LEDs Comment by BWC February 2023
More Comments