BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @Sliderhome did you bind your S2S VPN Connection to Zone WAN instead of Interface X1? I have two WAN Interfaces set up but only one IKE Rule for X1, not for the other one allowing inbound IKE Traffic. If you have GroupVPN enabled this might cause the additional Rule as well for e.g. X2, you might just add a Rule with…
  • @TKWITS sorry for the late response, I enjoyed a few days off in the beautiful Alps of Tirol (Austria) :) I might be a bit paranoid on that topic, but because anyone can register a system to pool.ntp.org I tend to avoid them these days. Having europe.pool.ntp.org enabled for example, connects to systems in countries I…
  • @MS500 did you try to use an Inbound NAT Rule to open a different Port for SNMP and translate it to 161? Don't forget to create a proper Access Rule covering the new Port for Traffic to X1 IP and limit the Source of this rule to the static IP of your Monitoring System if possible. Having SNMP exposed to the public is…
  • @ArminF to the best of my knowledge the LAN -> WAN Rule needs to be SRC: LAN / DST: ANY / SVC: NTP / Action: Allow. This will allow any NTP Traffic but your NAT Rule will force the requests to your dedicated NTP Server. The reason why your Rule is not showing any Hits, is probably because you set the Destination Address in…
  • @ArminF to my understanding having this option enabled does not need any additional NAT rules. But as mentioned, the limitation is UDP only for whatever reason, even when the DNS Proxy is set to TCP+UDP, which is/was IMHO not the default and has to be enabled on the Internal Settings Page (that might answer your question).…
  • @ArminF did you try the Option "Enforce DNS Proxy For All DNS Requests" on the DNS Proxy Settings first? I never used it and the balloon help showed it's limited to UDP requests only, but it might do the same you're looking for. --Michael@BWC
  • @ArminF RFC2132 is very clear on Option 4, it's a list of 32-bit values, aka IPv4 Addresses only. Same goes for Option 42 which is related too. The time server option specifies a list of RFC 868 [6] time servers available to the client. Servers SHOULD be listed in order of preference. The code for the time server option is…
  • @mcaouette are you using Client DPI-SSL on your NSA 4600? This might be the reason and the sites in question do need an exception. The sites might work if you properly deployed the DPI-SSL CA Cert, but certificate pinning etc will break it. --Michael@BWC
  • @xdmfanboy you scared me a little, because I deployed some instances last week, no trouble so far. I can see them for all of my managed appliances in the Download Center. As usual, did you try a different Browser or Incognito Mode? My bet is on a caching issue, which happens a lot in MSW. --Michael@BWC
  • @samaj CFS Rating Lookup seems to work again, no more Tomcat errors. --Michael@BWC
  • @ArminF to the best of my knowledge, DHCP Server on the Firewall is not able to do any filtering, except per static MAC address. You can try to submit an RFE (Request for Enhancement), but I'm sceptical that there will be progress. --Michael@BWC
  • @JKLime the Community search brought this up, you might ask your fellow peers. It's funny though that a SNWL Employee is asking the community, not just Customers asking for Support 🤔 --Michael@BWC
  • @samaj I'm not affiliated with SNWL, you might open a Support Ticket for this, because the Moderators in here just seem to not care. @Ena @Micah @MasterRoshi BTW I'm getting the same error as anyone else. --Michael@BWC
  • @richard_manchester I cannot answer your question, but just wanna point out some topics which might help to resolve this issue more quickly: - What SMA Firmware are you running? Because 12.4.2 Release Notes mention Java is not needed anymore, not true? - Does Connect Tunnel for Windows work as intended? - If Connect Tunnel…
  • Firmware 10.0.19 got released, but the DMARC issues are not addressed according to the Release Notes, got postponed because of the recent issues I guess. --Michael@BWC