BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@mouser18 this was covered a few times here, if you register an appliance through the Secure Upgrade Program you can do the "Register only" and have around 90 days to plan the replacement, after that or any time in these 90 days you can initiate the transfer which transfers custom licenses to the new one. It's a pretty…
-
@Tytec "Reboot tut gut" ... old german saying 🤓 [email protected]
-
@sdeyoung maybe it's related to this one? GEN7-37095 For TZ 270, TZ 370, and TZ 470 models only: the Enable Stateful Synchronization option is not displayed within the management interface for High Availability. If this option was enabled in prior versions, the setting will continue to function even though it is not…
-
@sdeyoung usually HA updates are pretty painless, maybe the trouble was caused by the older firmware. I upgraded multiple deployments in the last weeks, upload the firmware to the primary (which I make sure is active), wait for the upload to complete, initiate the upgrade, finish. I don't have any units without the…
-
@sdeyoung you tagged TZ 300, I assume it's a TZ 370 or something else? Both units running the 7.0.1-5111? I experienced something similar with a NSa 4700, when the secondary not accepted the update. [email protected]
-
@Asif_Iqbal that's an interesting question. Did you purchased an Essential or Advanced Secure upgrade? Only the Advanced edition comes with cloud management. [email protected]
-
@Tytec well, this screenshot shows everything and nothing ... please check what the negotiated SAs are, I believe the SSLVPN is missing here. Check the log on the Cisco side as well. Are you aware of any problems that the smallest negotiable size could be /24? I've seen this in the past, but this might not apply here.…
-
Does the subnet mask match on both sides for the SSLVPN subnet which is used in the Tunnel definition? Does the "Currently Active VPN Tunnels" section on the NSa shows only a single Active Tunnel for your VPN Connection to the Cisco or multiple? Anything logged on the Cisco which might be helpful here? [email protected]
-
@Tytec and the NSa? You're using an Address Group object as Local Network in the Tunnel configuration which holds all needed networks? [email protected]
-
@Tytec does your Local Network definition in the IPsec tunnel holds all networks in a group which need to be routed into the Tunnel? E.g. LAN and SSLVPN Subnet? On the Cisco side, is the Cisco aware of all Remote networks, e.g. LAN and SSLVPN Subnet on NSa? If there is no SA negotiated it won't work. --Michael[email protected]
-
@casidus I'am sure you've already done the obvious, testing from another machine, testing from local not remote, disabling any endpoint security which might interfere and check the browser console (developer tools) for any errors which might give a hint. This can't be a licensing issue right? I don't know how the virtual…
-
@casidus this is the Classic Navigation view which might be messed up. Did you clicked on the little icon (the 3 lines) in the bottom left corner to switch to contemporary mode? Another option would be to access the Internal Settings and disable the Option " Show Classic View Pages" is enabled. You can access the Internal…
-
@casidus can you provide a screenshot what actually is shown when you select Manage -> Rules -> Access Rules or Manage -> VPN -> Base Settings ... please blur any sensitive information. [email protected]
-
@casidus that would have been to easy. Is the whole Rules and VPN section missing from the UI or "just" your custom configuration? You did not selected IPv6 by accident and looking for IPv4 or have some other values in the filter which might hide them? I fear that needs to be addressed by Support, I cannot think of…
-
@casidus I have no experience with the NSv series but did you tried a different browser or Incognito (private) mode in your browser to make sure it's not just browser related? Browser issues are pretty common and annoying these days. [email protected]