Ajishlal Community Legend ✭✭✭✭✭
Reactions
Comments
-
@hamod If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman (DH) groups 5 or 14, (or higher). Avoid DH group 2. DH Group 1 & 2 are do not provide an adequate security level against modern threats and should not be used to protect sensitive information.
-
@MihaAlpod Try to reinstall and make sure the protocol should be "Auto" & the Domain selection.
-
@AVO just do the packet capture.
-
@rfreeman If the SonicWave becomes unresponsive or seems erratic, you can use the Reset button to reset the SonicWave to factory default settings or put it into SafeMode. Use a narrow, straight object, like a straightened paper clip to press the Reset button. • To reboot the SonicWave with factory default settings, press…
-
@jtpryan You can follow the below KB for Exporting & importing the NetExtender profiles (SSL VPN). NB: The Registry key import should be before installing the "NetExtender".
-
@AVO make sure the "inactivity Timeout" configured in user sessions too. Users > Settings > User Sessions > Inactivity Timeout (minutes): Even if you configured the inactivity timeout, sometime it wont help because some process will send keep alive traffic or packets behind the scene such as DNS, NetBios etc. Since you…
-
@JamesY As per your network diagram, in Site C you have core switch & gateway device and VLAN's are created in core switch. from gateway device to Core Switch how the routing is configured?
-
@JamesY The Zone assignment is wrong. If its the remote firewall subnet, you would have to create address object with VPN Zone. NB: Assume you created the VLAN in Firewall.
-
@JamesY Show me the Address Object also which you created for the S2S.(From both end)
-
@kennymathews2003 You might be enabled the Ip Helper in wrong end of the S2S policy. Anywat glad to hear that your issue is solved. IP Helper Policy will automatically create once you enable the "Enable Windows Networking (NetBIOS) Broadcast" in S2S VPN Policy.
-
@Simon_Weel I did the test with my Gen6 unit & its working. Downloaded the zip file without any issue and i didn't exclude the CDN or FQDN. GAV Configuration: DPI-SSL Configuration: I dont have Gen7 unit with DPI-SSL to do the test.
-
@kennymathews2003 If you want enable netbios broadcast over VPN, you must have enable nebios protocol in IPhelper page. Follow the below KB;
-
@JamesY in that case your s2s having ACL issue. Can you brief us your S2S configuration so might be we can help you to resolve your problem.
-
@Simon_Weel As per your firewall log. It's blocking by the GAV & that's why i suggested to exclude if its legitimate fqdn for downloading the zip. The zip block is defined in the GAV policy so you would have to exclude from that policy only if you want to download the particular zip file.
-
@JamesY Can you check is there any other service such as SMB or telnet is working in between these two subnet? If its working, change ping service priority to high in access rule ( for the s2s ).