Comments

  • I think I have discovered the issue. I had put in a BOVPN tunnel for accessing a group of workstations using the ANY IP option of the remote end of the tunnel. Removing the tunnel seems to have rectified the issue. I can now resolve names using nslookup, with both short and FQDN lookups. Thank you for the help, the ahh-ha…
  • Here's the ipconfig for the connection. It lists the proper DNS servers, but still doesn't go. In this case I have one DNS server local to the Firebox and 8.8.8.8 set in the DNS/WINS config for the network. I cannot see anything inside the firewall and Windows lists the network as a public network, not a domain network. I…
  • Sorry, realized that might be confusing after the fact. Local to the Firebox. DNSWatchGO is not installed on the device. Currently working in the office right now and I can't test using a PC and I'm using strongSwan atm to connect and troubleshoot. But multiple PCs experienced the same thing. I can post ipconfig later today.
  • I'm not sure what happened here. We had a planned outage in the office last night, and this morning when I came in all of the deny entries for the unhandled exceptions of ports 8500-8700 have vanished. Is it really possible that there was something hung up in the system that a restart could have fixed?
  • Yep, here's the complete list for the rule. 443 and 80 are open through proxy rules as well.
  • I should probably mention that this is all for outgoing Webex traffic. So the calls wind up with no audio when initiated, not even ring sounds. I've got two other sites, one with an M270, the other with a T25, set up exactly the same way, without any unhandled packets. I'll test opening ports 17550 and the other denied…
  • The RADIUS is responding with three likely because I have one policy on RADIUS with one Windows group, and then the three filter-ids listed. So now for testing I have: * disabled all the existing VPN policies on the RADIUS server * created a new policy with filter-id MFA_Users * disabled all the authentication servers…
  • It appears that the FilterID is being passed correctly.
  • Yes sir, as mentioned, using the old RADIUS method with a GW works as expected using the same MFA_Users group name.
  • @"james.carson" Thank you for the response. I had previously added my MFA_Users group to the users and groups list under as Any Authentication server, but added it specifically to the AuthPoint server with the same results. I've also updated the Firebox OS in case there was an issue there, now running 12.8.2. Does it matter…
  • ugh... K thanks Gregg, I was sure it was something I was doing wrong.