Arkwright Community Legend ✭✭✭✭✭
Comments
-
I suggest you test this whilst watching the state of the LB status/Target columns for each interface.
-
Can you use both WANs simultaneously in normal operation [ratio mode]? Do you have logical probing configured?
-
I just think this is a very misunderstood setting with SW's. Evidently :) So it's my understanding unless you install the certificates on all the workstations and/or servers DPI is doing absolutely nothing and eating up your ISP speed and firewall CPU. If you enable DPI-SSL on traffic for clients that don't trust your cert,…
-
My question is this: Why not just connect each different WiFi network (Guest vs Business) to a different physical interface? If you need the capacity, or don't have managed switches [and separate APs for guest and business…..we're getting a bit implausible here], then use separate physical interfaces. If you have managed…
-
I think that port scan detection detects port scans whether your firewall would have allowed the traffic or not, so having a rule makes no difference. Additionally, I have a suspicion that some innocuous patterns of traffic will trigger the detection; imagine a scenario where clients open multiple connections to a web…
-
You need to raise a customer service request. You cannot transfer it yourself.
-
I know nothing about Checkpoint. The only sensible default is to use the local and remote address as each IKE ID.
-
Is this connection subject to DPI-SSL?
-
You cannot not have an IKE ID. So I assume that means they're not setting them manually, and that's why it doesn't work.
-
Check your IKE ID. You will need to set them manually because you're using NAT. As to why it says Active, that's a Checkpoint question. Perhaps "Active" just means "Not disabled".
-
AFAIK the speed setting on an interface is not a limit, it's just telling the firewall how much bandwidth is available. If you want to set limits then you create access rules referring to bandwidth objects - those are what have the limits. So if you want to limit offsite backups to 100Mbps then create a bandwidth object…
-
Is SSL-VPN enabled on WAN zone? Is the port 4443? The default is 4433.
-
If it was standalone you could use Portshield [=use switch chip in firewall as a switch] and plug everything into it. But Portshield mode is disabled in HA mode. I think there is a /diag.html option to enable Portshield in HA mode, but it's at your own risk.
-
Doesn't look any different to 7.
-
Management services are enabled per-interface [look at checkboxes]. Each one enabled then creates access rules in that zone [look at WAN→WAN access rules]. Other services: SSLVPN, this is enabled in the SSLVPN settings per-zone. Again, enabling creates rules as above. DNS proxy? I am not sure if it's possible to enable this…