BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@ThK I checked on two SMAs and I believe 730 isn't a default value. UPDATE: I checked a newer installation and the default value was indeed 730 days. So I might have changed it on the other systems, or older systems which gut updated having a different default value. SMA is always a fountain of fun and you have to peek…
-
@ThK this is somewhat strange, did you checked the settings on the LocalDomain Domain (because it's the admin), is there a password expiration value set? This is also the place where the Allow password changes permission is located. --Michael@BWC
-
@Frodo_Baggins ok ok, I was so focussed on this two locations situation that I did not realized that you just wanna share your internet connection from the other side via AirFiber if one side fails. If the AirFiber is exclusively used for this purpose I guess I would go the route mentioned above. You need to do the…
-
@Frodo_Baggins ok, I try to give a little bit more thought into this. I'am assuming you're running a VPN Tunnel Interface between your two locations via the fiber internet connection? If this is your primary connection between these two, you should create a route for this with a Metric of 1. If the route gets disabled when…
-
And the winner is ... @ThK 🏆️ ... 255.255.0.0 overlaps both locations, you should go with 255.255.255.0. You cannot reach the remote network because it's treated as part of the local subnet. --Michael@BWC
-
@RAFEEK if your WAN ip address is dynamic use the respective Interface object for your NAT and Access rules as I mentioned above. The default is "X1 IP" for example. Maybe this is something worth reading: --Michael@BWC
-
@RAFEEK is this for real? If you have a dynamic IP you cannot define an Address Object statically. Just use the X1 IP (or whatever WAN interface) in your Access and NAT rules and you should be golden. --Michael@BWC
-
@Frodo_Baggins IMHO you should strictly use WAN Interfaces, just use a dedicated Interface on your NSa 2650 and attach the AirFibers to it, assign this Interface to WAN zone and you're good to go. Having the bridge on your LAN IMHO is just complicating things. If you're doing multiple VLANs over the bridge I might…
-
@DuwanB no there is no option to create a range, you could group your hosts in a range with subnet boundaries but this would probably mean to rearrange your network, e.g. 192.168.168.16-192.168.168.31 could be addressed as 192.168.168.16/28. --Michael@BWC
-
@Rinconmike besides some PPPoE oddities (which do not seem 5050 specific) I would highly recommend 5050 over 5030. No reports of crashes etc so far. Update: Currently only TZ without HA deployed, I heard weird stories about HA deployments, but will face that myself next month at the earliest. --Michael@BWC
-
@ThK I was hoping that your private statement was true and Dmitriy took the Gen7 UI on it's way out with him, but I guess we cannot have it all. 🙄 --Michael@BWC
-
@ThK did you checked the internal settings, is the Option "SonicUI7 as default management GUI" enabled, which is the default? --Michael@BWC
-
@Chojin if you're talking about udp/443 usually caused by using Google Chrome Browser via QUIC protocol connecting to Google Services. I always suggest to block udp/443 because it cannot be inspected by the Firewall. --Michael@BWC
-
@jcurt7492 disabling the Cloud Id will make the download go through. --Michael@BWC
-
@Larry I checked a few Gen7 deployments and the automatic (!) backup do not go through on all appliances for any obvious reason. I'll try to modfiy the schedule on these, because I had good results on Gen6. --Michael@BWC