BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@Nat ja it looks that way that there is some kind of Virtual Machine etc. involved which make restarting the OS possible. Wasn't expecting that it starts with NSa 4700+, I thought the platform is somewhat the same for all. So probably the rule of thumb is, if the Hardware does not freak out it's fine to Restart the OS only…
-
@Larry maybe it's a NSa thing only, cannot see it on a TZ 270, but on a NSa 4700 it's right below the Restart System. Double checked the Release Notes. --Michael@BWC
-
@Vish71 finally I've got your dilemma, you're right, if 12.2 is not available for download you cannot make sure you've got the latest hotfix. Therefore if I were you I would go for sure and open a ticket to verify with Support. I couldn't find any information about 12.2 hotfixes. --Michael@BWC
-
@Vish71 12.2 seems to be pulled, can't find it either. 12.3 is pretty old, you should consider 12.4. From my understanding you should install the latest hotfixes before upgrading. All the information you need is in here: --Michael@BWC
-
@mavaca it's either ON or OFF for the whole DKIM Validation. I'am seeing this DKIM Failures myself and wasn't paying that much attention to it, but after checking some Entries in the Message Logs I discovered that for some Mails which failed with DKIM Failures (body hash mismatch) the whole message information is wrong.…
-
@jtpryan as usual YMMV, I for myself decided not to go with the current offerings, but maybe some other Community Members has real world experiences with it. --Michael@BWC
-
@jtpryan depending on your Firewall model, the logs are stored in a ring buffer and will be lost after a short period of time. Without secondary storage you'll get not much out of the logs long-term. --Michael@BWC
-
@jtpryan looks good to me, just make sure that the Priority is 1, otherwise it would be probably below the Allow Rule :) You can verify this by showing all rules in the WAN-WAN matrix and sort it by Prio. First-Match counts. --Michael@BWC
-
@jtpryan I assume you mean trying to login to your Firewall (Management or SSL-VPN)? Therefore you need to create the rule on WAN-WAN, because internal services getting handled there. Best approch is to limit the HTTPS Management to known IP addresses only, the Source IP is editable on the default rule. Maybe it's possible…
-
@Chechler_2 as mentioned above, Client DPI-SSL should be enabled on the LAN Zone (it's enabled per Zone) and globally in the DPI-SSL settings. --Michael@BWC
-
@Chechler_2 I guess we're talking about Client DPI-SSL and this has to be enabled on Policy -> DPI-SSL -> Client SSL and in the Zone you like to have the encrypted traffic inspected, e.g. LAN. For obvious reasons I would not import the company CA cert, this should be kept away from any device except the CA server. I would…
-
@djhurt1 do you have multiple Inbound Paths (Flows) or just a single one? Is any of the Inbound Paths using the Authentication or is your anonynmous relay connector used solely? Is this still a thing? I can try to have a look in my logs tomorrow, to figure out which one holds some information, also @David W or @Gailand…
-
@Chechler_2 hehe ... this is a tricky one, easy to be overlooked. --Michael@BWC
-
@NM_20 on the NSA 2600 I had deployments for 200-300 Users without any hazzle, in all fairness, without DPI-SSL enabled. It probably depends how heavy the users are consuming the Internet and how much bandwidth is available. Any particular amount of Users you need to provide Content Filtering for? --Michael@BWC
-
@NM_20 that's a pretty vague question, do you have any specific model in mind? The limitations are probably not only performance based, maybe functional limitations weigh in as well. If you're running another solution already, I suggest you get familar with CFS to see if it fits. --Michael@BWC