BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@MM_Tech no, just upload the Firmware and you're good to go. There is something like a ROMpack, but in all the years with SNWL I never ever did this: --Michael@BWC
-
@CustomMetal just make sure that both sides honor the Idle Limit (check with the Connection Monitor) or force Sage somehow to keep the connection alive. --Michael@BWC
-
@mfelber I guess your ISP is using CGNAT (Carrier-Grade Network Address Translation) which concludes that you cannot access your SonicWall anymore from the Internet, because Inbound-Connections are no longer possible. You should ask them if they can switch it back. --Michael@BWC
-
@JodyNW license expiration warnings came in as local4.warning ... so it's not all Info after all. --Michael@BWC
-
@CustomMetal I guess you set the TCP timeout in the Access Rules allowing the traffic from LAN to VPN and vice versa? Does this TCP timeout shows up in the Monitor -> Logs -> Connections listing and Expiry is showing the configured values? Default TCP timeout is 15 minutes, search for the connections from the Client to see…
-
@JodyNW I activated the Logging of Priority in my rsyslog configuration and it seems that all events come in as local4.info ... will check back in a couple of days when hopefully some other ES-Alerts came in. --Michael@BWC
-
@JodyNW I'am currently running at the DEBUG severity to gather everything and only got two different kind of Event-IDs, ES-Alert and EmailSecurity. I cannot tell from the events at which severity the events will be logged. ES-Alert shows something like that: Summary="Manual backup is complete for globalsettings,…
-
@boe long story short, you cannot aggregate, this would be packet based load balancing which needs to be addresses by a router in front of the SNWL connecting to a common endpoint (ISP, Bonding Provider). The Load Balancing on a SNWL is session based, therefor you'll always end up in the maximum speed of a single link.…
-
7+ months in and still no visible progress, Engineering is involved and the DMARC issues should be fixed with the Release of Firmware 10.0.19 with no ETA at the moment. We'll see. --Michael@BWC
-
@JodyNW I'am self-promoting one of my older thoughts if you don't mind. It's still the same as mentioned at the end of this one, only one event per successful received mail, nothing more, no difference between the severities. --Michael@BWC
-
@TonyA GeoIP is now returning the correct Country information. It took only 3 weeks, could be worse (like ES or SMA cases). Thanks for checking. --Michael@BWC
-
@wsutton because you don't use the two Default GroupVPNs, the Options for "Management via this SA" isn't enabled in their settings by any chance? This is the only place to configure this, AFAIK, but never activated FIPS mode to verify. --Michael@BWC
-
@Drimalski if you're getting these messges since Saturday to Sunday night my guess is that the Systems are still trying to catch up. In the meantime all of my deployments don't report any stale DB anymore. It took some systems much longer than others. @David W and the TSR I spoke with today said that the Backend problem is…
-
Thumbprint Database problems are resolved, no more alerts. Depending on the customer environment it took sometimes longer than for others. About my WebUI issue, this is still under investigation. HTTP (after running "redirecthttp off" + "rebuildwebroot") was working fine (tricked myself because of the HSTS Policy, needed…
-
@David W @Gailand it seems that "only" the Web Interface isn't working anymore, mail is getting processed. The Thumbprint warnings still occur on most of my customer deployments, I advised them NOT to reboot until I figured out what is going on with my appliance. Any advice how to recover the Web UI? Currently it's only…