Comments
-
Sorry to update my own call, but I have added the site to the content inspection exception and all is now OK. Thanks, Tess
-
OK, thanks
-
Email notification is set up on both Dimension and the Log Server. Dimension sends reports daily; the Log Server sends an email saying 'daily appliance reports' has completed successfully, once a day. I am after an instant alert by email or even a pop-up window, which seems to be an option when something triggers one of the…
-
Thanks Bruce. That is already set. The problem I have is that I have never received instant alerts through email notification, even when the option is set.
-
Hi Bruce. Brilliant, that works. Thanks very much.
-
Thanks for looking again Bruce. I have added the new hex string. I will check if this worked tomorrow. How did you find the hex of the .exe please?
-
OK, I'll log it now. Thanks.
-
Oh dear. I think I may have lots of permanently blocked sites that are no longer needed. I will have a review of them. Does WatchGuard provide a list of sites that they recommend should be permanently blocked? I seem to remember importing a list way back; in fact, I have just found the list. It possibly wasn't an official…
-
Yes, I have added comments to the ones that I manually added; it is the ones that were auto-added that I wasn't sure about.
-
Hi Bruce. I understand how to set up the auto-block of IPs attempting to connect to blocked ports. What I can't figure out is how I know if the permanently blocked IPs in the list are out of date and need to be removed. Would you recommend a clean slate approach, or is there a list of sites that WatchGuard deems to be insecure…
-
Are you saying that I added everything in this list? I have had the Firebox for many years and I'm pretty sure I haven't added all these addresses. What is the best practice for keeping these up to date? Should I from time to time delete all entries and let the Firebox re-add them?
-
It is these that I am talking about: "Blocked sites with a Reason of Static Blocked IP, and an Expiration of Never Expire are permanently blocked. You cannot delete or edit a permanently blocked site from this page."
-
Yes
-
I certainly haven't manually added the addresses; some of them are quite big ranges that I wouldn't add. I may have added single addresses to the block. The WSM shows that the triggering source is 'configuration'. Does that mean that they have been blocked at one time by a site one way or another trying to force access? How…
-
The list of Statically blocked IP addresses in WSM
-
That sounds really interesting, I will see if I can give it a go. Thanks.
-
Thanks for your quick reply. There are no denies from the incoming address. The policies are already set to logging and I have set the IKEv2 logging level to Information; the next level would be Debug, which I haven't tried yet.
-
Hi Bruce, moving the HTTP & HTTPS policies above the less restricted policies resulted in the internal authenticated user no longer receiving the necessary permissions. Hi James, adding the custom rule to allow the access only from the internal addresses did the trick. Thank you both, Tess
-
Thanks, I'll give that a go. Brain is a bit frazzled now, so I will leave it until tomorrow.
-
There was no problem before the user was given remote VPN access. They would simply be in the office, connect to the authentication server on :4100, and then through this they are given a less restrictive application content policy. This policy is now given to them freely as soon as they connect via the VPN.
-
That is the point. The user authenticating to the Firebox on the VPN automatically receives the relaxed policy, as the policy names them as user@firebox-db. When logging in as user@radius-db, the policy obviously isn't applied. I don't want the user to have the access from the VPN; the privilege is only given from the PC…
-
Hi Bruce, I don't seem to be getting anywhere with this. The problem is that the first policy that the Firewall sees with the user specified is the 'relaxed' policy. The "IKEV2-User" policy has been disabled in favour of a more restrictive group policy. I think that the only way around this for us is to stop using…
-
Sorry, I haven't been back to look at this. I will try again on Monday.
-
OK, I think I see what you mean. I will have another look tomorrow. Thanks again.
-
Sorry, I think you are going to have to spell it out for me. The IKEv2 user is named in the HTTPS policy and automatically receives the relaxed policy rules when connected via VPN. When the same user is connected directly on the network to the internet, they need to authenticate to get the same relaxed rule. If I add…
-
So, add a deny rule for the user when connecting from the 10.6.0 address and an allow for the same user at the 10.0.0.0 address? I'm not sure how to do that
-
No, there is no policy for the VPN clients as access needs to be just from the network, so anyone that can authenticate from the 10.0.0.0 address
-
Hi Bruce. Thanks for the quick reply. The 4100 policy is restricted to the internal IP address range, i.e. 10.0.0.0, to the Firebox. The VPN clients connect on 10.6.0. The policies for the users are set above the 4100 policy. I did think that this may work in reverse, so I moved the policies below the 4100 policy, but no change in use.…