BWC Cybersecurity Overlord ✭✭✭
Comments
-
@frank123 what kind of VPN are you using, Site-to-Site or Tunnel Interface? I guess Europe is your main site? Did you have the GVC network from your remote site configured on the main site pointing into the Tunnel? Did you do a Packet Monitor on both sides to see if any traffic gets dropped or goes the wrong way?…
-
@Eddy77 it's another Gen7 gem and already known, don't waste your time calling Support. --Michael@BWC
-
@emmotto it's very hard to analyze from remote, but the first things which come to my mind are: are there any overlapping subnets on the WAN interfaces or do all 4 have their own discrete subnet? Did you check your routing table (dynamic routing involved?), custom and default routes, maybe it's caused by some routing priority? I…
-
@sohand yes, the SonicPoints get their IP address from within the Interface Subnet. Have a look at this thread I had recently with another forum member, maybe it helps you a bit. --Michael@BWC
-
@Alberto You asked: Thanks for the reply. I had a failover on a 6600 pair. Two acl lan to wan with manual priority have moved. Has this never happened to you? I answered: No :) --Michael@BWC
-
@frank123 you should check that you have the appropriate rules on the Zone VPN to Zone VPN for the site where your GVC users are connecting to and trying to access a remote site. On the remote site you have to make sure that Zone VPN to Zone LAN access rules are matching for your remote GVC network. All related networks in the…
-
@Dytech_Steve this can't be done in SonicOS, Tunnel All for everyone or no one. The SMA would give you more options on that. --Michael@BWC
-
@MacGyver the problem with the specific site you mentioned is that the server is not returning the intermediate Certificate for "DigiCert TLS RSA SHA256 2020 CA1". That's a common problem if the admin of the webserver is not paying attention. I didn't test it in detail, but in this case the "middle" Cert should be the…
-
@Alberto I can't recall any problem where the Priority got messed up after a crash or regular reboot, sorry. --Michael@BWC
-
@Alberto correct, Priority is the main driver and First-Match is final, no other rules are processed. --Michael@BWC
-
@Robbert AFAIK it's not allowed to re-distribute the Firmware file, every customer has to open a ticket to get the file themselves. In the past I had to open a Ticket for each and every appliance I needed the hotfix for, which bumps the close rate for tickets pretty good, because they are so easy to handle :) --Michael@BWC
-
@JHSD to my knowledge there is Port Scan Detection (!) only and not Prevention. It's just a log entry to let you know someone is up to something, you have to configure your ruleset accordingly. If you don't like to see these messages, you can disable Port Scan Detection completely on the Internal Settings Page.…
-
Security/Encryption-wise there is no difference between a commercial and self-signed cert, just that you condition your end users to trust any cert that'll come as invalid. It's hard enough already that users click "continue" and "yes" to everything 😁 --Michael@BWC
-
@lostbackups same goes for NetExtender/MobileConnect, it'll complain about the cert if Server-Name does not match the CN. If you're running your own CA you can go crazy and issue a SAN certificate with multiple names, which can include IP address or multiple names in a single cert, then it does not matter if your users…
-
@TheSonicFw the LDAP group import is just a reference to the LDAP group and does not hold any members. What do you wanna use the LDAP groups for? If it's for SSLVPN you need to manually assign the users, if you wanna use it for CFS etc you need to deploy the Directory Connector which communicates with the Firewall to…


























