Comments
-
Great! Do you know of any downsides to this, otherwise why do they hide it under Diag? Just did the conversion over night but luckily the switch to 10G connections wasn't on last night's agenda, so I have a little time.
-
Yep, a lot of that is done on the 2650, though failover works fine with just one cable between the two. I've got common VLANs set up for the two WAN links, DMZs, LAN, and everything fails over perfectly, to the point I have no problem rebooting the primary during the day. you lose one ping during failover and the users…
-
Thanks. Yep, I didn't even realize that I was going to now need two connections. Can these both be just gig even if the total data throughput is higher? Is it replicating all the data or just , as I suspect, session or state information, which should be far less volume? I'd hate to think I need more 10GBase-T SFPs after…
-
Not sure if I'm missing something. To avoid two connection profiles you'd have to use the same FQDN. How would one common public DNS server know to or be able to give two different responses to a DNS query depending on where they're coming from? BTW, I did wind up queryng SW support, and they said no dice on doing any kind…
-
"You don't need two SSLVPN profiles, you just need proper DNS records to handle internal and external requests for the same FQDN." Yes, thought of that. All public users are pointed to public DNS servers, so not sure how the distinction would be made. Only way I could see is if public users hit an internal DNS server,…
-
Yes, that is the traffic flow. I can ping from DMZ to ISP 1 default gateway, but as far as I can go. ISP 1 can ping to X1 (this is all set up on a test bed with an L3 switch acting as ISP 1 & 2). Customer insists his users are too stupid to handle two VPN connection profiles, one for use on the public side, and another for…
-
Any update on this? We're seeing this on same model, except 6.5.4.10-95n.
-
Where are you seeing these updates? I've been checking for two days and none of the announced TZ or NSA updates in the download center as usual. did they pull them?
-
I had some back and forth with support. They were not aware of problems with policies updating in 3.6.34, but offered to work with my setup to investigate. He did state that changes can take up to an hour, and when I asked if this was true even when clicking Update Policy on the client side his response was ambiguous.…
-
Ah, so they broke it! I hope they're aware of the issue, as I don't feel like going thorugh the pain involved in contacting support.
-
So you're saying that for example if I have porn blocked under the CFS Profile Objects and CFS was set to filter HTTPS, that if I exclude porn under DPI-SSL it only excludes it from HTTPS filtering, but not HTTP? Or it doesn't exclude it from the content aspect of the filtering, but does exclude it from protections DPI-SSL…
-
You've clarified a few things, but some questions remain. I've re-read it multiple times, trying to sort out what is being said. If DPI SSL alone cannot allow/block web sites, then what role does the CFS Category tab play if any? If DPI SSL is active, yet its content filtering unchecked, then does the normal CFS function…
-
You can install SW's certificate on IOS and Android devices, but it's a bit of a PITA to do a bunch of them without some expensive software. Unless it's a company device I'd make a SSID that parks them on a subnet without DPI-SSL. I do that for a library system client of mine.
-
Where does one find the classic mode? I know the icon for switching modes under 6.x, but can find nothing here.
-
Argh! Even though I registered it as part of a Secure Upgrade, it doesn't show under My Products until late this afternoon so I could finally get the key. I had to reinstall the same firmware it came with to eliminate the corruption warnings. I pre-set the X0 IP ahead of time before the import but still got stuck where I…