BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
I checked my old cases and I could not see any pattern for this. Did you changed your last Support Renewal from 24x7 to 8x5 or vice versa? All of my few cases with GeoIP not licensed properly were started after 3 year renewals 8x5. If I remember correctly the customers had 24x7 before that. Either way, SNWL should put the…
-
@Chechler_2 did you tried on different Endpoints, cleared the Browser Cache or used the Incognito Mode in Google Chrome to avoid any caching issues? If it's working in Firefox I cannot see a reason why not in Chrome. --Michael@BWC
-
@djhurt1 is your Inbound Path using Authentication to deliver to your downstream server? I see Notifications from time to time that my ESA is not able to reach my SMTP server, could not figure out a reason for that, because all systems are up all the time. --Michael@BWC
-
@RedNet it did not happen to me again, did you blocked the USA via GeoIP by any chance? This messes things up pretty hard. --Michael@BWC
-
@Chechler_2 did you blocked QUIC (udp/443)? Because this is used by some high-volume Sites and currently not handled by most of the Firewalls out there. Just create an Access Rule with a Priority of 1 from LAN to WAN dropping all Packets for a new manually created Service QUIC (udp/443). This only applies if you're not…
-
@jtuckerchug I assume you're talking about SMA 6210, which is a 1000 Series Appliance. IMHO TOTP is enabled on Authentication Server Level, therefore it cannot be limited to specific Users and Groups, can't check myself right now, but I'am somewhat certain. I don't use the built-in TOTP, I rely on external Authenticaton…
-
@Larry where did your Action Bar go to? Is this new? Sometimes I'am struggle myself to find the proper Button, because it's either at the Top or the Bottom or pops up dynamically either directly at the mouse pointer or to the right of a column. --Michael@BWC
-
@Logon_GmbH this is in unison with the License Page on a TZ270 running 7.0.1-5080, but I cannot provide any real world experience how this will work out. --Michael@BWC
-
@narayanaswamy do you have a recent Config Backup or using Cloud Backup? Either way, you have to reset the Appliance to factory defaults and import the Backup Configuration, then you can set a new password (which you better store in a safe place). --Michael@BWC
-
LOL - I gave up on this. --Michael@BWC
-
Trolling or not paying attention, only one knows :) --Michael@BWC
-
@ArminF there is an implicit Drop All Rule for everything that is not handled and no additional Rule is necessary. This differs from you might know from iptables/netfilter based Firewalls or CheckPoint etc. Like you did, I'am creating a Rule only in times where I need to do some sniffing/logging. --MIchael@BWC
-
@ArminF did you enabled the events in the Log Settings for being shown in the GUI? Device -> Log -> Settings ... check for Category Network -> TCP (and UDP) and probably the Event TCP Packets Dropped have a very high Event Count ... to avoid flooding the log, these Events are not populated to the GUI, you have to enable…
-
@ArminF I would definitly go for excluding the IPS Signature instead of using an AppRule, because the amount of AppRules you can configure is limited, and maybe more performance hungry. Even Bypassing IPS in an AppRule does not hinder the IPS to log, I checked a couple ways on a Gen6 Appliance and it always got logged.…
-
@ArminF Match Objects are used for App Rules, there is a Policy Type of "IPS Content" where your Match Object would be selectable. --Michael@BWC