Comments
-
100% agree
-
i was thinking of 2 external interfaces with each ipv6 client enabled
-
i tried 0.0.0.0/0 and 0.0.0.0/1 + 128.0.0.0/1 instead of send all client traffic through tunnel both not working btw. its test lab/ not productive firebox V (not xtmv) finally building the policy from scratch solved the problem
-
is this FBX-6143 solved by now or anytime near ?
-
i allready have this proxy setting + lockdown url pathes but Microsoft so often has zero day problems with exchange that i do not feel happy with this.
-
fw is on 12.5.9 on the HP switch there are errors on the port where the firewall is. in Status Report there is nothing now, but I will have a look befor reboot, next time. what i will try also: put trusted on eth1 ( now it is eth4 ) and remove secondary IP if this does not help, I try if link aggregation has an impact
-
no ,its the same problem as above no traffic between lan interface <> internal network no ping (to static ip devices) , nothing until reboot of the firewall. vpn and external, optional everything fine already tried, different switch , different ethX on firebox for trusted , new cables all made no difference.
-
I have seen same behavior on two M200 without bridging. the only and strange thing showing up from lan in the traffic monitor ist dhcp requests any ideas what is causing this ?
-
what I found is that the sending MTA does not get a proper response if the size limit is reached, so it retries several times
-
some more questions on auth: * is it normal that users from bovpn locations do not show up ? * how does the pc sso software client work ? (it has zero configuration so it does not know the sso gateway , only the default gateway ) * does the pc sso client work, if it has a other router as default gateway
-
ok i found something in the IIS log. some ews addon app is causing this
-
it is the exchange monitor = EM not the ELM but , maybe a service running on all PCs with Administrator@mydomain.com as service account is connecting to exchange ?
-
what i found regarding Article ID :000019376 iphones owa/activesync fails without Request Method "options"
-
..com/autodiscover/autodiscover.xml ..com/owa/* ..com/ecp/* ..com/EWS/Exchange.asmx ..com/Microsoft-Server-ActiveSync* ..com/OAB/* ..com/mapi/emsmdb/*
-
what about: would this reduce attack surface sufficiently ?
-
... we also added URL Paths restriction to only allow access to certain virtual directories and for autodiscover is locked down to autodiscover.mydomain.com/autodiscover/autodiscover.xml. .. can you list all required paths
-
is this FBX-6143 solved or is there a workaround ?
-
the idea is to bring up a server from backup in a different location without reconfiguring network on any device. https://openvpn.net/community-resources/ethernet-bridging/ "By bridging a physical ethernet NIC with an OpenVPN-driven TAP interface at two separate locations, it is possible to logically merge both ethernet…
-
system manager (gui version) > bandwith meter
-
hello, this feature is needed for routing provider independent address space over any internet connection. to have HighAvailablity for your PI IP range.
-
Hello, there are multiple reasons, but simply if you have a power soure it is good if u can turn it on/off, and even better if u can schedule it. in my case i have a poe 5G/LTE router without these features. to manage these actions from the firewall would be great.
-
+1 Please implement WireGuard VPN
-
i would say with dsl/vdsl firebox in most cases is acting as ppoe device. otherwise the modem would have to NAT ( not a good solution ) ,route ( need more ip adresses from provider ) or bridge ( not available by most modems ) mode.
-
Certificates do not conform to algorithm constraints editing the java.security file fixed the problem "C:\Program Files (x86)\Common Files\WatchGuard\java\jre11.0.4\conf\security\java.security" jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 1024, \ EC keySize < 224, DES40_CBC, RC4_40…
-
hi @James_Carson i followed your advice on cabeling and IP, but the wizard says "the temporary IP can not be the same as the default trusted IP adress of the device" so i had to use 10.0.1.10 here is what happens in the log: 01/18/21 12:51:34[Thread-15] Setting temporary IP to 10.0.1.10 01/18/21 12:51:34[Thread-15] Begin…
-
Hi @James_Carson the wizard asks for temporary IP >>> IP of the Firebox is changed ( verified by ping ) , but it looks like nothing is transferred. after some time , there is a timeout message.
-
@James let me say it different recovery mode is broken in WSM 12.6.x i have tried different windwos OS and different Fireboxes after downgrade to WSM 12.5.3 or lower, recovery mode works fine.
-
Hello, in the meantime I did some testing ( M300 <--> FireboxV ) direct connected endpoint 1. behind M300 ( NAS with ramdisk ) endpoint 2. behind FireboxV, connecting to SMB share on endpoint 1. what i found: * on vmware 6.0 fireboxV was way faster then on hyper-v ( test with AMD GX-415 SOC ) * Routing & VPN AES128-GCM…
-
ok , i did plenty of testing today going to UDP causes a MTU problem. reducing MTU solved the problem. UDP indeed is twice as fast
-
i set: data channel to UDP 443 config channel to TCP 443 after that the vpn shows strange behaviour i cannot access www any more