Comments
-
Thanks James. My ideal setup was to use the Firebox for the AuthPoint gateway, and then let the Firebox be the link between my Active Directory and the AuthPoint licences in the cloud. So, based on your post, the Firebox in question can 'be' an AuthPoint gateway, as it has the required firmware. I thought that was the…
-
Simply removing the route, rebooting the Firebox and then re-adding the route solved the issue.
-
Never mind! Found it! Why I couldn't see it I don't know!
-
Ok, Bruce. Case opened. Will update this discussion when done.
-
Yeah, but it is included in the route and I am coming in from a VPN on the other firewall... So I need to know how to 'allow' that range.
-
Hi Bruce. I have attached a file with two traffic monitor logs and the static route. I have tried the route with 1 hop and 2, neither made a difference. All IPs are internal so I am happy for you to see them. (I may have tweaked them as well)
-
Nowhere else.
-
Thanks Bruce. The gateway address I used is the IP of the current firewall, sitting on the same trusted network as the new firewall. As the other network is connected via VPN, the current firewall doesn't have an IP address on the problem network. Could that be the issue?
-
To complete this discussion: the issue was with the Edge device at the other end. It needed to be rebooted after the changes were made for the VPN configuration to commit properly. Nothing wrong with the Firebox.
-
That's certainly worth a test to see if it takes. Thanks.
-
Thanks for the reply, Bruce. Yes, I have a BOVPN-Allow.in policy. I recreated it as well when I unticked, saved, then re-ticked and saved again. Yes, I alter both sides at the same time and then rekey. The odd thing is that the tunnel does link up and I can see it in the WSM manager. I can even ping through the tunnel from…
-
Thanks for the replies. The reason for the question was to block certain departments' mobile phones from connecting. When I had DHCP managed by Windows server I could add a bunch into Deny, which stopped them getting IP addresses as well.
-
Excellent work, Bruce. All working now! Yes of course, the packets would have the source of the external IP of the initial firewall, so the 2nd firewall would send them out to the Internet. Great work again.
-
Another query on DHCP for the M270: Is it possible to block certain MAC addresses from getting an address?
-
It's the current count I'm after, so I know if I'm running low. I'll wait until 12.7 is out of Beta then. Will I be able to upgrade directly from 12.4?
-
Thanks. Is there anywhere that tells me how many IP addresses I have left in my current pool? Even a count of current leases would be enough.
-
Thanks Bruce. I must confess I never use the Web UI as I always lived in System Manager.
-
Bugger. Ok, thanks for the quick reply.