BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @lostbackups to avoid any "Common Name Mismatch Error" the CN (or SAN) has to match the name with which you try to establish the SSL/TLS connection. If you try to access via https://sslvpn.mydomain.de then the cert has to be issued for sslvpn.mydomain.de. A self-signed cert is IMHO a bad idea because you train your…
  • @LitBobOn the "manual" address is the beginning of the reserved range for APs which goes from "Manually" up to "Manually" + SonicPoint Limit, e.g. 192.168.1.2 as start address and 8 SonicPoints reserves the range from 192.168.1.2 to 192.168.1.9. --Michael@BWC
  • Don't mind the Exchange setting, this screenshot is from a Site-2-Site connection. --Michael@BWC
  • AES256 and SHA256 is fine, pick PFS Group 14 as well and you should be good to go. --Michael@BWC
  • If your SNWL is behind a router which does NAT you might need it, check over here for details: --Michael@BWC
  • Then my best guess is that you have no tick at "Enable NAT Traversal" in the Advanced Settings at VPN? --Michael@BWC
  • @anxion did you ask nmap to scan for 4500 as well? nmap -sU -p 500,4500 <WAN IP> --Michael@BWC
  • @anxion it's IPsec, did you enable it? It's only available on your WAN interface, nmap from LAN will not find you anything. Run this from the internet to your SNWL: nmap -sU <WAN IP> UPDATE: it shows the open ports from LAN, too! PORT STATE SERVICE 500/udp open|filtered isakmp 4500/udp open|filtered nat-t-ike…
  • @anxion to stay SNWL-centric you can check here: --Michael@BWC
  • @anxion yeah, the Portal might pull more attraction and if you check the latest history of vulnerabilities they were mostly related to authentication via http/s, so keeping this portal closed is a good approach, which I share. --Michael@BWC
  • @anxion security-wise I would rate anyone higher than the other, GVC might have better performance but might not work with internet connections/routers your users might connect with. Does your port scan just look for TCP by any chance? GVC needs UDP 500/4500. --Michael@BWC
  • @anxion if you wanna use SSL-VPN the port has to be open for listening to your clients, same goes for GVC. If you don't like to open any ports, you should consider using something like ZTN, but this might fit only for larger environments. --Michael@BWC
  • Hi @julian1 you enabled SSH on the X0 interface and checked "Allow Management on Primary/Secondary IPv4 Address" in the HA Monitoring Settings for X0? SSH port is still 22 in the Appliance -> Base Settings? I checked on a running HA cluster (NSA 4600) and this is how it's done. --Michael@BWC
  • The evolution of my feelings about the ongoing quality of Support Services at this point is exemplary to the above: 🤣...😀...😉...😐️...🙄...😤...😢...😭...🤪 Thanks @Larry for taking the burden of opening up a ticket on this mess. --Michael@BWC
  • @LitBobOn they are somewhat static (IMHO) but not managed via the common DHCP-Server. On every interface which is assigned to a Wireless Zone you have the option to reserve a SonicPoint/SonicWave Limit (Pool) from where the APs get their IP assigned. It's usually a pool at the end of a subnet. You might check into this KB…