Comments
-
It's stated in the 6.5.4.9 release notes. When the firewall communicates with the cloud on an http connection, the resulting content length header may be big enough to cause a stack overflow on the device. GEN6-2688 When the firewall communicates with the cloud on an http connection, the resulting session ID header may cause a…
-
What I can say is that it's a known issue on 6.5.4.8. Depending on your needs, you can open a support ticket or upgrade to 6.5.4.9.
-
They have more than 1 signature now, please check. As a best practice, you should always have those security services (GAV, IDP) enabled.
-
6.5.4.8 CPU is a known issue, they have a KB for it. And our 6.5.4.9 is released and fixed lots of CPU & memory issues. Upgrade to 6.5.4.9 if you have issues.
-
Disable auto upgrade on the appliance and the Windows client itself?
-
It is proved that HTTPS is vulnerable to RCE on 10.0.11. 10.0.12 already fixed the HTTPS issue. The new vulnerability is not a critical one, don't think they will and it need immediate patch.
-
Maybe ESA is using it somewhere that is not HTTPS. We have run a Tenable scan on the HTTPS port, which returned no result. Also tested a simple PoC curl cmd with https://log4shell.huntress.com/. Result still negative. Not sure why they switched the content; maybe it is only affected under certain conditions.
-
A bit off topic, but the new Gen7 admin guide also teaches you how to block reverse shells and create custom signatures by using app rules. I think it's good to have an idea of it.
-
If you really want to tailor an IDP signature, an app rule is great for it. Think about what pattern you want to block. Here I use: '${jndi:ldap://', converted to hex: '24 7b 6a 6e 64 69 3a 6c 64 61 70 3a 2f 2f'. CyberChef makes your life easier: https://gchq.github.io/CyberChef/#recipe=To_Hex('Space',0)&input=JHtqbmRpOmxkYXA6Ly8…
-
@eric.burke SonicWALL IPS already has a signature for it. But as a tech person, you need to know SSL traffic is not captured unless you have DPI-SSL client/server running. And the signature seems to be working on HTTP. Refer to Larry's link. A simple curl HTTP test. Firewall IDP drop.
-
It's a bandwidth issue... Usually a low-speed network will encounter this because too much data is loaded on the Gen7 UI.
-
This is expected behaviour. It can be used to determine which appliance is in the standby role at the hardware level. The standby device always blinks with a pattern.
-
M1 is an ARM CPU; I don't think NX supports the ARM architecture. Even with Windows 11, NX only supports x86-based Windows.
-
The MC Server in the access rule should be the WAN (X1) IP address or a WAN subnet IP address.
-
10.2.1.3 fixed a lot of vulnerabilities. Hope it's stable so that we can advise customers to upgrade.