Comments
-
Similar problem, 1gbe leased line at office and 900mbps fibre at home. 29mbps dowload and 31 mbps upload is what I am seeing when testing via fast.com. Initially thought there might be a throttle setting like those you see on guest network but can't see it.
-
@Bruce_Briggs thank you my friend the port 8080 custom packet filter works, fixes more than one speed test. Fing uses somethign similar I think or may be rebadging Ookla's test. @morpheus27 thanks for reminding me of fast.com. Micrsoft support is telling me they use it but I couldn't remember what url they said.
-
Thanks Bruce, much appreciated. That works a treat, I set up an https proxy action and used the SD-WAN in failover with the new ISP as primary. Did notice I am not getting the full bandwidth on the leased line though. Is there any throttling in SD - WAN in failover?
-
will give it a try now, thanks Bruce :)
-
Bumping an old post but can I use Bruce_Biggs SD WAN trick to route from a single IP to the second External WAN? I want to test a new connection before I switch over to it for everyone.
-
Seeing similar large pending IP list and high CPU. Also seeing IP addresses in the Pending IP List in SSO Tools > Information > Status that are within SSO Exclusions Network Ranges on the firebox. Which is even more confusing. Have an open case 01980883 because ELM stopped working after the most recent update to the…
-
@giox069 , you have pretty much duplicated what I did with exactly the same result. Problem became critical not long after I followed the tip not to have the service user as a member of domain admins and instead give it permissions to access logs. I may have solved it by putting the SSO Client on all our end user machines.…
-
@"james.carson" Thank you, I just tried to post on that blog that Mandiant has reported that 3CX supply chain attack was a first of its kind in that they had themselves been the victim of a supply chain attack first, that seems to be still awaiting moderation as well.
-
I am currently running post infection scans with third party Thor lite which gave 3CX customers a YARA like scanner for free till the end of the month. We are seeing possible Meterpreter "ReflectiveLoader" attack and I am trying to get Watchguard to clarify if we are protected or not. Initial response is Thor isn't our…
-
@Bruce_Briggs I don't think it is wrong now, it was wrong to state they detected and prevented initially. That was misleading to say the least.
-
@Bruce_Briggs That's what they said in the article and when I tried to leave a comment to say that wasn't my experience the moderator decided it wasn't for publication.
-
hi @shaazaminator the answer is no it wouldn't. I can say that because AFAIK the EDR is a rebadged Panda AD360 which Watchguard purchased. We have this installed on every PC and Server in the place along with a Watchguard Firewall. Did not detect the installation and running of the supply chain attack infected executable…
-
Hi James the recent autodiscover hack has shown that packet filter alone can't help with that attack and Proxy is possibly the only way to add the specific rules to only allow the companies actual Autodiscover addresses and block all other autodiscover.xyz. domains. I am currently in support with a problem and the request…
-
Earlier suggestions from the list author do not work i.e. to add the list to windows host file (won't work hits hidden limits its 8,000 lines long) Initial Watchguard advice re: importing to the fireware block site list won't work due to the limit of 2048 FQDN in the block list also the list "as is" contains illegal…
-
Hi dugyodi Have a ticket open with support at the moment and have pointed them to this discussion to see if we can get this clarified
-
https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/ there is a massive list of domains to block. The suggestion is to use the Hosts file in %SYSTEM%\Drivers\Etc on a windows system to block it by appending this massive list…