BWC Cybersecurity Overlord ✭✭✭
Comments
-
Lou, you should not give up, if your server is listening to port 2525 the Rules are straightforward. NAT: Original Source: Any (or the allowed IP from the Internet) Destination: X1 IP (your WAN Interface of choice) Service: 2535 Interfaces: leave them to ANY Translated: Source: Original Destination: Server IP in the LAN…
-
Steph, that is an excellent question. AFAIK Starlink is offering static IPs as well, maybe they are geolocated differently than the pool addresses? One of my customers is installing a Starlink in the next days and I can report back. —Michael@BWC
-
@louyo the terms "Original" and "Translated" should give it away, this is NAT 101 and of course possible. Original Service is 2525 and Translated should be 2535. The only pitfall that comes to my mind could be the Access Rule. You have to make sure that WAN to LAN (or DMZ) Access Rule is allowing 2525 not 2535! Access…
-
You can enable Authentication by clicking the Advanced Button on the page you mentioned. —Michael@BWC
-
@David W I created #44779446, if you would like to assign it to yourself, I would highly appreciate it. —Michael@BWC
-
@Vivek did you have a chance to do some testing? I guess it's not an issue if the AD DNS answer fits into the 512 UDP packet, but after that it causes trouble. Maybe that's the reason why it does not come up that often. —Michael@BWC
-
There was an update to 5.0.13 to me this morning, maybe this was related and 5.0.12 got pulled (halfway)? Does the issue still persist when trying to download 5.0.13? —Michael@BWC
-
@Pocho I tend to disagree on that. I'm not trying to enforce all DNS Requests and if the DNS Proxy Cache is only going to work with UDP, that is something I can live with. DNS Proxy for TCP is working fine (AFAIK), but the Split DNS isn't. Funny thing is, 7.0.1 Internal settings has a toggle for DNS Proxy Protocol, UDP+TCP…
-
@Vivek I checked on my 7.1.3 appliance at home, and it is the same, Split DNS does not work with DNS requests over TCP. —Michael@BWC
-
Hi @Vivek this option was already enabled but is IMHO not relevant here, because I'm not trying to resolve a FQDN. —Michael@BWC
-
You have to make sure that ALL IKEv2 Policies with a dynamic Peer IP (0.0.0.0) are configured identically on Phase 1. All other IKEv2 connections with static IP addresses are not affected, your hunch was right. —Michael@BWC
-
No NAT rules, I can't see a reason why, because all traffic is routed through the SNWL (when configured as gateway). But you might check the Access Rules from LAN (or WLAN) to MULTICAST, I'm not sure if they are set to "Allow" by default. —Michael@BWC
-
I don't do much with Multicast, but my configuration at home comes down to this. This address group currently holds a single object for 224.0.0.251 (mDNS) in the Multicast Zone. Multicast support is enabled in the Advanced section of the interface which houses my AppleTV and on the Interfaces where my different WLAN SSIDs…
-
@ASTech2020 this is weird, but at least from my location it is accessible without issues. Did you check with a different internet connection or different browser (private mode)? It might be a geoip related issue, hard to tell. —Michael@BWC
-
@ASTech2020 NXT 10.3.1 is still available on MSW and over here: —Michael@BWC