BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @Juan_Moreno OK, no problems here for that matter. Are you using Tunnel All or just a few Networks for the Client Routes? Do you have Always on VPN activated? Did you check your Mobile Connect logs for any hint? --Michael@BWC
  • @Daveberts this got you covered and the answer seems to be yes. --Michael@BWC
  • Hi guys, are we really talking iOS 16.1 (which is a Beta) or 16.0.1 (which should be updated to 16.0.2)? Do you all use the internal MFA or plain Username/Password for authentication? I only tested with Username/Password, but can give it a try with MFA at the weekend. --Michael@BWC
  • @jess_gagne for any details you need to compare Release Notes. Besides some minor improvements the biggest step seems to be the integration of WireGuard in addition to the SSL-VPN protocol. This worked pretty well for me but I did not do any performance comparisons so far. From my last exploration under the hood, I cannot…
  • @Teleporter IMHO it's not DHCP per se, it looks like if the public (routable) IP got assigned to the WAN Interface. Having a private IP assigned from a router in front via DHCP did not cause this. It's a fuzzy situation, so I would not take any bets on my DHCP theory. It is probably caused by some compatibility issue…
  • @Teleporter it seems that issue is related to TZ 270 only when attached to some form of Modem for DHCP. On all my other deployments with TZ 470 and up I did not experience this problem. No TZ 370 in the field as of now. Even TZ 270s connected to a Router are not showing this behaviour. I did not escalate this, because I'm…
  • @Simon_Weel I tried to reproduce, but no download gave me that GAV block. Does it happen for any download you try? --Michael@BWC
  • @Simon_Weel if you have DPI-SSL running, you could create a Match Object for the URL in question, create an App Rule for it and use the default Action Bypass GAV, that should do the trick. --Michael@BWC
  • @Juan_Moreno anything in the Mobile Connect logs which might give a clue? Did you try SSL-VPN and Wireguard, what SMA Firmware version are you running? Other client platforms do not face any issues? --Michael@BWC
  • @Juan_Moreno tested with iOS 16.0.2 and Mobile Connect 5.0.11, SSL-VPN and Wireguard is connecting without any errors. Do you see anything in the Log of the SMA or Mobile Connect? --Michael@BWC
  • @SimonT I checked a few appliances and it's always webcfs06 and it seems that it's not driven by an Anycast DNS, it shows the same IP all over the world. I'm having trouble with long loading times as well, but it is related to DPI-SSL. --Michael@BWC
  • @JSchultz that's a bummer, you might check with Support and hopefully it does not end like this: I don't have any 2.5 equipment to test with. --Michael@BWC
  • @nqkhoi IMHO SNWL does not support native GRE Tunnels, that's the reason why I'm running Mikrotik Routers besides them for GRE. There is some GRE Tunneling for SonicPoint L3-Management, but IMHO nothing you're looking for. --Michael@BWC
  • @solmssen you have to activate this option in the Internal Settings of your Firewall. Get into the internal settings (shown below) and activate "Log Virus URI" in the Security Services section. Please don't mess around with the other settings, they are not documented publicly and can cause a lot of trouble. --Michael@BWC