TKWITS Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
We still need more information. Give us some IPs or something to work with.
-
The time clock vendor should provide documentation on their network requirements that you can base your configuration off of.
Not sure why the vendor needs inbound access, if the device can communicate out they would in theory be able to pa…
-
If you are putting computer names in your linux local HOSTS files I would suggest you do the same on the Windows machine. Make it easier on yourself.
-
Anything going LAN to WAN by default will have NAT policies applied. That is the way the IPv4 internet works 99% of the time.
Either way are you sure your internal routing is correct? If no traffic is hitting the access rule or packet captu…
-
Think about the issue. You cannot resolve names to IP addresses. What does that equate to? DNS.
If you are connecting to a network with Active Directory you should be specifying the AD domain name and DNS servers in the SSLVPN client settin…
-
Are the source and destination address objects in the correct Zone? 'MF1 Pro3 Device' in LAN, 'MF1 Monarch' in WAN?
If you mouse over the statistics icon (3 vertical bars next to edit) do you see any hits / packets?
Next step is the p…
-
Have you tried running a simple exe with the option to test? Like notepad.exe or cmd.exe?
If that works you know the client is doing what it is supposed to but may not like your files, if not than maybe try a different version.
-
Did you see the requirements here?
Can you provide a screenshot or better description of your access rule? Do you have any deny rules? Have you run a packet capture to watch the traffic?
I agree with Larry's comments. I have a handful of firewalls on NSM and barely touch it. Most of these devices I have access to either via a server local to the firewall or its direct WAN interface.
I had used their pre-cloud GSM years ago …
Plan your network addressing. Rely on defaults and you'll run into things like this. Using an entire subnet for DHCP is silly and lazy.
Everyone has their own way of doing things, but I allocate the least addresses to DHCP. Yes you may run …
have you looked at dynamic address objects?
I said 'remove the current configuraiton of X1' because I didn't want you to use the same IP address/mask/etc. on X1 and your subinterface.
Were you doing the ping from the X1:V10 interface? Did you set X1:V50 as the preferred Failover/LB i…
Remove the current configuration of X1 and add a subinterface to X1 tagging the appropriate VLAN ID.
@Ankur Larry's response is correct about how I reply to cases.
Is that what you are unclear about, or i…