BWC Cybersecurity Overlord ✭✭✭
Comments
-
No NAT rules, I can't see a reason why, because all traffic is routed through the SNWL (when configured as gateway). But you might check the Access Rules from LAN (or WLAN) to MULTICAST, I'm not sure if they are set to "Allow" by default. —Michael@BWC
-
I don't do much with Multicast, but my configuration at home comes down to this. This address group currently holds a single object for 224.0.0.251 (mDNS) in the Multicast Zone. Multicast support is enabled in the Advanced section of the interface which houses my AppleTV and on the Interfaces where my different WLAN SSIDs…
-
@ASTech2020 this is weird, but at least from my location it is accessible without issues. Did you check with a different internet connection or different browser (private mode)? It might be a geoip-related issue, hard to tell. —Michael@BWC
-
@ASTech2020 NXT 10.3.1 is still available on MSW and over here: —Michael@BWC
-
Excellent question. @Community Manager any take on this? Because having only vulnerable release versions as migration destination is somewhat confusing. —Michael@BWC
-
I assume that the configured Primary Gateway Address for that VPN Policy is 0.0.0.0? In that case the "defaults" for dynamic endpoints are configured at Network → IPSec VPN → Advanced. Click on the Configure button next to "IKEv2 Dynamic Client Proposal". —Michael@BWC
-
The "Path listens on" is always your end and tells the ES on which ports it should listen to receive mails. In your case it listens on all addresses the ES has assigned and only on the ports configured. IMHO your inbound flow should only cover port 25, because it's a gateway and not meant for MUA initiated traffic. The…
-
@ITRAD43 there is no exclude from IP Spoof detection; if the Firewall receives a packet from an address which is not routed over that specific interface, it counts as spoof. Why is this device sending the ping from a wrong address? Is this device multi-homed? —Michael@BWC
-
This is good news, welcome aboard. —Michael@BWC
-
I've seen this for years and don't bother anymore. If it shows just a single message, it will most likely not list it and load forever. I did not find any real logic behind it. I'm not a big fan of the queue management on ES. —Michael@BWC
-
@ngrubb crank up a packet-monitor on both sides with the IPs of both servers and capture only dropped packets, this should give you a hint if the firewall is involved or not. If there is ANY service allowed between them then it's probably not a firewall issue. —Michael@BWC
-
I did not receive any CATP reports by mail for a while, but if memory serves me right, they could be found under Settings → Notification Center, which is the obvious path I would look for, NOT. —Michael@BWC
-
@adrb04 what Firmware are you running on the TZ 600? There was an issue recently and it "should" be fixed in 6.5.4.15-117n (don't confuse it with -116n) and 6.5.5.1-6n. —Michael@BWC
-
There are some shortcomings for SSL-VPN (no Wireguard, no fail2ban, …) and not being able to allow only authorized Endpoints is one of them. You just can't limit access to SSL-VPN on SonicOS at the moment, and I fear this will never change, because all roads are heading to Cloud Secure Edge for SNWL. The SMA (100 or 1000…
-
MAC addresses are Layer 2, SSL-VPN is on Layer 3. You cannot block based on MAC address when coming from the WAN. —Michael@BWC