SonicAdmin80 Cybersecurity Overlord ✭✭✭
Comments
-
OK now I found something. Seems that it's automatically created and can't be removed. I couldn't find this information in the PDF manual, but it was in the web help pages: "Once an LDAP authentication domain is created, a default LDAP group will be created with the same name as the LDAP domain name. Although additional…
-
Looks like I can delete the whole domain and then the groups disappear as well. But if I create the domain again with the same name, the unremovable group comes back as well.
-
Absolutely, in the inbound path use the setting: "This is an MTA. Route email using MX record routing with these exceptions: Email sent to email addresses or domains in the table on the right is routed directly to the associated IP addresses or hostnames in Round-Robin mode. Email is queued if necessary."
-
I don’t use GVPN but at least with SSL-VPN you import the group from the LDAP settings page and then add it to the SSL-VPN services group.
-
Good to hear we are not the only ones. Also looking at comments on downdetector it looks to be a wider issue and not just a few IPs so good to know it’s not our fault. Some reassurance and a place to point the finger when users ask about the delays and NDRs. Microsoft support hasn’t once admitted that it could be a wider…
-
That's my feeling as well. I have some messages failing DKIM verification and others not from the same sender. So could be a key rotation issue but can't really be sure who to blame.
-
Not even a manual keyset upgrade brings the license into the unit. How is this possible? It shows up on MSW but not when logging in from SMA or with manual keyset?
-
I see the license on MSW but synchronize doesn't work. Even "Activate, Upgrade, or Renew services." doesn't show it after logging in. Perhaps I have to wait or do a manual license upgrade.
-
It's also unclear how user passwords are compromised. The recommendation is to reset user passwords, but if the vulnerability is a complete authentication bypass is there actually risk for password leakage?
-
Gen 6 UI works with SonicOS 7 for setting Geo-IP policy for access rule.
-
I'm trying to do Geo-IP on an access rule on Gen 7 UI, which doesn't work. Let's see if it works even in Gen 6.5 UI.
-
Is the vulnerability in both the management interface and regular user login side, or only in the management interface? It isn't very clear. How would we see if it's being exploited? If doing Geo-IP restriction, is it better to do it on the firewall in front of the SMA or on the SMA itself?
-
Did you suppress creation of automatic access rules when creating the tunnel and created the RDP rules afterwards? SMB file sharing uses TCP port 445 so allow that if it's not.
-
This is speculation at this point, but it does not look good. This might be another SolarWinds. The information until now only mentions NetExtender version 10 to be vulnerable, so perhaps it has been injected with malicious code that allows bypassing authentication. Hopefully they release more information soon, example a…
-
Mobile Connect is "end of support" on Windows: It seems to still work with firewall appliances, but with SMA 100 series I had problems with it and had to switch users to NetExtender. So at the moment NetExtender is the only supported client on Windows.