You can change the trusted interface IP address and the DHCP IP addr info using the Web UI (or WSM Policy Manager).
Once you change the IP addr with the Web UI, you will need to log in again using the new IP addr of the trusted interface of the firewall - 10.50.1.1
No. But you do need a Feature Key for your firewall when using Policy Manager.
You can download the Feature Key from the firewall site using Policy Manager: Setup -> Feature Keys -> Download
Did you connect to your firewall using WSM Policy Manager?
File -> Open -> Firebox
If so, Policy Manager should end up with the Feature Key from your firewall, then you can upload the modified config back to the firewall.
Best to open a support incident on this.
I'm not sure what SNMP queries/responses are possible to the passive member of a cluster.
Look at the destinations in FSM traffic monitor. You don't specify what OS your computers have, but any Windows computer and likely Macs will be using 443 to get their updates. Same for AV software.
Analyze before you block! This traffic could all be legitimate...or not. That is for you to determine by looking up the domains of the IP address you have seen.
There are various software programs that you can install on a PC to see what is going on.
. Look at GlassWire, which will tell you what program is allowing outgoing access, amoung other things.
. There are many software firewall programs which also can do the same.
. netstat -b, run in a CMD box with administrator privileges, will show you the current programs which have open outgoing ports
. you can run packet capture programs, such as Wireshark, which can show you the IP addrs to which HTTPS (TCP port 443) packets are sent, but they will not show the program(s) which cause this traffic
Yes you can.
I had to do a transfer of ownership before and it is pretty painless once you know the procedure.
The Action "Externally Remediated" means the Indicator was remediated by Administrators outside of TDR. Since APT blocker is not allowed to submit it for Sandbox File action, we effectively remove the Indicator from the Dashboard by rescoring it to a 1 without actually performing and real remediation actions on the file. TDR did not act on this file therefore I believe your backup software's crash was purely coincidental. If you find this sequence of events occurs again please put in a support case as you might be dealing with a defect.
So long as Azure MFA supports RADIUS and passes the SSLVPN group (SSLVPN-Users) as Radius attribute 11, it should work with no issue.
WatchGuard's MFA solution (AuthPoint) has a RADIUS server built into it's gateway software. This can be used with the SSLVPN.