Comments

• Tim, I've played around with it a bit with Edge 110, but no matter if I enable or disable this flag my system-wide DPI-SSL is accepted and now browser certificate warnings pop up. Honestly I couldn't figure out that Edge isn't using the System Cert Store. Is it a nothing burger or am I just not looking at the right places?…

  in Microsoft Edge changes TLS server certificate verification - which impacts DPI-SSL Comment by BWC February 2023
• @ErnestR I'am not familiar of any out of the box solution, but it might be scripted with NECLI, please check here for details: You might query the profiles first and if there is no fitting profile present you could create it. Or maybe the MSI Installer options are a way to go. Also worth looking into: It's meant for SMA,…

  in auto configure ssl vpn client profile with script or gpo Comment by BWC February 2023
• @Terminal_2312 is the appliance working as expected? Is it a HA deployment, if HA it might be the heartbeat shown on the standby unit? I checked with a running NSa 2650 and the wrench is off. The official description is listed below, I kid you not, its the official link provided from SNWL: --Michael@BWC

  in NSA 2650 System status LEDs Comment by BWC February 2023
• @david_2221 my Spoofing Filter looks for "From & MAIL FROM" against a dictionary, similar to the KB-article. As additional condition you could check against "Source IP" to whitelist your bulk mail senders, but no CIDR support which is painful. Works as intended. --Michael@BWC

  in Spoof IP dictionary question Comment by BWC February 2023
• @oturkan enable the Option "Disable Auto-added VPN Management Rules" on the Internal Settings Page, this enables you to delete most of the Rules you listed above. The Appliance needs to be restarted for this, I tested it a minute ago and got black looks from my daughters for the interruption at home 😀 There is not a single…

  in Delete auto edit firewall rules Comment by BWC February 2023
• @Larry 10 minutes for a TSR ... that takes patience to not cancel ... usually it's done in the matter of seconds. I guess it's to common to have some form of SSH or FTP server hanging around that SNWL assumes it as set. Most of the SMB are having some form of NAS, which provides FTP. But there is always the exception :)…

  in Seeking CLI assistance from those who use it Comment by BWC February 2023
• Oh you Windows people, I totally forgot about you 🤣 For scp you need a ssh server (on a linux box or on windows if available). The syntax is quite simple user = username on that system @server = ip address or name of the host where the ssh server runs : = delimiter /home/user/tracelog.wri = where to store the file, e.g. in…

  in Seeking CLI assistance from those who use it Comment by BWC February 2023
• @oturkan I don't have any Gen5 running anymore so I can't check, but what Rules exactly you like to delete, then I might give you a hint where they are coming from? Did you already restartet the appliance after changing the internal setting? VPN-wise I assume you're worried about these management rules? IMHO they can't be…

  in Delete auto edit firewall rules Comment by BWC February 2023
• @janvic123 hopefully I'am getting it right. NETWORK 1 will lose it's WAN provided by Verizon later on but the two NSA 5600 remains as it is and WAN is provided by NSA 5600 at NETWORK 2 only? Or do you plan to consolidate to a single NSA 5600? If you wanna do this you cannot have both appliances providing the same networks,…

  in How to link Separate networks Comment by BWC February 2023
• @Larry the syntax is pretty straight forward, I would go with scp if you have a ssh server (with scp enabled) near you. Check Page #1021 for details, there are some examples which clear things up. --Michael@BWC

  in Seeking CLI assistance from those who use it Comment by BWC February 2023
• @roger_92 is there a chance that the connections get dropped after a while when idle? It might be a timeout problem and you can raise the appropriate timeout in you access rule. Default for TCP is 15 Minutes, which might be not enough when not refreshed with a keep-alive. I saw this plenty of times. If this does not work,…

  in SQL dropping connection when in different VLAN Comment by BWC February 2023
• @KellyB I checked on a NSa 4700 HA bundle in MSW for you. If I remember correctly, first register both units in MSW, add the Stateful HA license to the primary unit. On the Details page of the primary unit at the bottom you can see the associated products, click on HA Secondary and select the HA unit you wanna attach with.…

  in I give up - Associating TZ670 HA unit (website instructions wrong) Comment by BWC February 2023
• @SonicAdmin80 I tried to trick the few-to-many by translating a whole network to multiple addresses (/24 translated to a group of 4 addresses), but the source always got translated to the same IP (out of the 4), so there was no load sharing over the pool, which would'nt help at all. Update: The internal setting "Allocate…

  in Outbound one-to-many NAT Comment by BWC February 2023
• @SonicAdmin80 don't kill me if it's not working, but did you tried Multipath-Routing for outbound SMTP traffic by creating a Default Route with Multiple Gateways? I don't have that at my disposal, but might worth a shot. Update: Forget everything I wrote about Routing .. you need multiple IP and not multiple WAN ... sorry…

  in Outbound one-to-many NAT Comment by BWC February 2023
• @DesertSweeper there is no much magic around it. Depending on how your connections are provided, it is simple as connecting both X1 interfaces to router #1 and both X2 interfaces to router #2. If your WAN router do not provide multiple ports you need to use a mini-switch or a bigger switch and seperate each link into its…

  in Best way to configure HA with Dual WAN Failover Comment by BWC February 2023
More Comments