@fre you should make your self familar with the Packet Monitor. If you limit the monitor to your endpoints IP address and look only for dropped packets you'll see real quick if they get blocked by th… (View Post)

Google (Chrome) and Mozilla (Firefox) are planning to implement the encryption of the Client Hello process. If you're using DPI-SSL this should not have much impact, but if you solely rely on "H… (View Post)

@Simon @tabbit the future is now (2 years later) and NetExtender still does not support TLS 1.3, feels embarrassing and isn't funny anymore. I would like to have my SMAs running in TLS 1.3 mode only,… (View Post)

I checked against my SMA with SSL-VPN and Wireguard and I was able to log into just fine. The issue seems to be appear "only" when connecting to Firewall appliances. --Michael@BWC (View Post)

@CHEOPSken do you mean that endpoints with GVC can only connect from a single country to your TZ 400? The only way is to limit the IKE Access Rule in WAN-to-WAN with a custom GeoIP policy. But this w… (View Post)