BWC Cybersecurity Overlord ✭✭✭
Comments
-
@Enzino78 I took the Standard Support approach, that would have been too easy 😂 Did you do a packet trace on both ends (firewall & client) to figure out which traffic is generated and what does and does not hit the firewall? --Michael@BWC
-
Hi @Enzino78 I was never in need of NetBIOS over SSL-VPN, but did you follow this specific SNWL KB article? --Michael@BWC
-
Steph, I believe this Notice is a leftover of the Dilemma from earlier this year. It pops up for all newer SMA Firmware downloads. If you're running some form of Radius with Challenge/Response I would stay away from 10.2.1.x at the moment, but it'll be fixed soon. 10.2.0.8 seems to be solid at the moment, IMHO. --Michael@BWC
-
There is some light at the end of the tunnel, today I've got a developer-build from Engineering (SMA 10.2.1.2-23sv-SMA2935) and it seems to fix the Radius related issue. Hopefully this will be generally available soon. --Michael@BWC
-
@ltenny I'm not sure how your Router believes to find 75.51.206.55, because it's not part of the LAN facing Router-Interfaces, which is 10.5.1.0/24? Do you have a chance to route 75.51.206.55 via 10.5.1.2 on the Router itself, that should do the trick. --Michael@BWC
-
@SteveBottoms create a group in the AD and assign the Users as members which you like to grant VPN access to. Import this AD group (which is only a reference) into the NSa and add it as Member to the SSLVPN Services Group, et voila. --Michael@BWC
-
I'm not 100% sure how, but 1Password is able to handle a Gen7 login just fine. It shows userName and pwd as detected form fields. --Michael@BWC
-
That's correct, if everything is forbidden, you have to allow what's necessary, VoIP -> WAN in your case. --Michael@BWC
-
No, VoIP will not be able to communicate with LAN, you have to create Access Rules to allow any traffic. Default will be Drop Traffic. --Michael@BWC
-
@PaulS83 you have to disable the Interface Trust for the LAN Zone or put every VLAN in its own Zone. Make sure to disable the automatic creation of Rules in the Zone settings. --Michael@BWC
-
@Alberto that information is not stored in the configuration file, but you can extract it with some script magic from the TSR. --Michael@BWC
-
@Enoch_F you're right, this cannot be done with VPN alone. In that case I would put a Mikrotik Router in the mix by establishing an EoIP Tunnel. But in your scenario I'm not 100% certain, because it seems your EVPL does provide some form of Bridge for your subnet? With EoIP you would have two Bridges which calls for…
-
@Alberto AFAIK only User/Groups can be used from the LDAP Directory. There is no relation between Address Objects and LDAP Groups. But the request does not sound unreasonable to me, maybe you should create an RFE for this if it's something you really like to see implemented. Every other user with the same demand should…
-
@SuroopMC thanks for taking the time to give your view on this and provide some Information for the Road ahead. But the main question still stands, the S1 Agent comes with the Remote Shell and can be abused either by accident or intentionally. It's more than questionable to give an administrator the ability to remote log in…
-
@tejasshenai did you assign all the ports to the same PortShield Group? Then the answer would be no, because it's a simple bridge group and all ports are equal. You have to create another PortShield Group (or single interfaces) with different subnets, depending on your requirement. --Michael@BWC


























