TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
If you are putting computer names in your linux local HOSTS files I would suggest you do the same on the Windows machine. Make it easier on yourself.
-
Anything going LAN to WAN by default will have NAT policies applied. That is the way the IPv4 internet works 99% of the time. Either way are you sure your internal routing is correct? If no traffic is hitting the access rule or packet capture than something else is going on... What did you mean you could ping both devices?…
-
Think about the issue. You cannot resolve names to IP addresses. What does that equate to? DNS. If you are connecting to a network with Active Directory you should be specifying the AD domain name and DNS servers in the SSLVPN client settings. If the device you are connecting from has been joined to that AD domain than you…
-
Are the source and destination address objects in the correct Zone? 'MF1 Pro3 Device' in LAN, 'MF1 Monarch' in WAN? If you mouse over the statistics icon (3 vertical bars next to edit) do you see any hits / packets? Next step is the packet capture.
-
Have you tried running a simple exe with the option to test? Like notepad.exe or cmd.exe? If that works you know the client is doing what it is supposed to but may not like your files, if not than maybe try a different version.
-
Did you see the requirements here? As far as management goes: even if you 'disable' an access rule for management, the rule still exists and something somewhere has it enabled. Check the MGMT interface, check IPv6 settings, etc. Also I believe that even if you have SNMP enabled on the unit, but not allowed on any…
-
Can you provide a screenshot or better description of your access rule? Do you have any deny rules? Have you run a packet capture to watch the traffic?
-
I agree with Larry's comments. I have a handful of firewalls on NSM and barely touch it. Most of these devices I have access to either via a server local to the firewall or its direct WAN interface. I had used their pre-cloud GSM years ago and found it lacking. Analytics was a big reason we tried NSM and as mentioned it's…
-
Plan your network addressing. Rely on defaults and you'll run into things like this. Using an entire subnet for DHCP is silly and lazy. Everyone has their own way of doing things, but I allocate the least addresses to DHCP. Yes you may run into situations where there are no addresses available to a new device connecting,…
-
have you looked at dynamic address objects?
-
I said 'remove the current configuraiton of X1' because I didn't want you to use the same IP address/mask/etc. on X1 and your subinterface. Were you doing the ping from the X1:V10 interface? Did you set X1:V50 as the preferred Failover/LB interface? This is an older article but it would help. Or you can have your…
-
Remove the current configuration of X1 and add a subinterface to X1 tagging the appropriate VLAN ID. Or you can have your 'co-working space' provide you an 'access' or 'untagged' port instead of requiring tagging from you.
-
@Ankur Larry's response is correct about how I reply to cases. Is that what you are unclear about, or is it the move of the firmware downloads out of the Download Center?
-
No worries, you figured out the issue and that is whats important.
-
I'll take some shots... but if you haven't opened a ticket you should. In diag.html page: Tracelog: Enable log the busiest task while cpu core is 100% for 1 seconds. Diagnostics settings: Number of jobs executed by data plance task to be tracked: 50 Enable include priority 254 task cpu usage. Watchdog settings: Report what…