BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@Ben I believe the Modem is not able to act as a DHCP server and assign this static ip to the X1 interface? I'am not aware of any other method to assign a IP address to the SNWL interface. --Michael@BWC
-
@ThK as mentioned, it seems that the RDNS issue got resolved, because reverse mapping looks good to me for now, SOA record of 221.240.173.in-addr.arpa indicates that there was a change on April 21st, hopefully for the better. But it may take a while until Telekom picks it up? I don't expect to have this properly addressed…
-
@Enzino78 that is very interessting, but the current DoH situation on SNWL goes IMHO a bit deeper. I guess the DoH was enabled manually on Chrome by checking Secure DNS lookups? The CFS categorization is incorrect, that we can say for sure. But DoH (if not addressed properly by SNWL) will cause more problems, like FQDN…
-
@Micah you might tell the PSIRT guys to edit the Security Advisory, because it lists the supposed to be fixed Firmwares as affected which might cause confusion to the endusers. Hopefully the SMA 100 fix will be quick. --Michael@BWC
-
@Mello781 you got the information already that you should upgrade to 6.5.4.10 which fixes that issue, here my story behind all that from back in the days: --Michael@BWC
-
@rsenio since attaching the switch to X1 no complaints from the customer, the links was stable ever since. Hope this fixes your issue as well. --Michael@BWC
-
@Enzino78 SMA would be a fit, but you should consider that for anonymous connections (without authentication) you have to subscribe the Web Application Firewall on the SMA. If you have a SMA already this might be an option, or you could go with NGiNX, Apache etc. --Michael@BWC
-
@TKWITS I'am deploying a bunch of Gen7 appliances at the moment, wasn't paying enough attention :) That's the discussion from the past which might fit. --Michael@BWC
-
@Enzino78 this is not possible with Server DPI-SSL, your best option is to put a Reverse Proxy behind the Firewall and distribute the requests to the different web servers from there. --Michael@BWC
-
@works2020 did you had a look at this discussion? I guess it covers what you're looking for. --Michael@BWC
-
Firmware 6.5.4.10 for Gen6 Appliances is getting rolled out, the Release Notes mentioned CVE-2022-0778 for that. Still no Update on PSIRT. --Michael@BWC
-
@Mello781 I'am not aware of that this is possible and it's not listed in the reference Guide. --Michael@BWC
-
Firmware 10.0.17 for Email Security got released, fixing CVE-2022-0778, PSIRT still shows it as "Under review" but it might be affected after all. --Michael@BWC
-
@A_Elliott that's the way I'am doing VPN Tunnel Interface Routing. Creating two Address Group Objects, one with the local subnets and one with the Remote networks Create one or more routing rules, which routes the traffic from Local to Remote VPN Group via VPN Interface Create another Route with a higher Metric (usually 9)…
-
@Larry that's a bummer, I was hoping for the better, but it seems we have to figure out what have been really changed between releases by ourselfs. --Michael@BWC