Comments
-
I never got notifications to this thread, but wanted to update since it will probably help someone else. Yes, I had a ping policy near the top of the list, so when using ping to see if a device is blocked or not, pings would go through. The reality is that the IP was blocked from all other traffic and was working properly.…
-
Thank you for the reply. Unfortunately, none of that can be changed. However, I did find the solution. There was an additional route for 192.168.0.0 that when deleted using 'route delete 192.168.0.0 mask 255.255.240.0' along with the previous route delete for the 192.168.0.1 default gateway allowed the vpn to work…
-
I would check if you have the same reconnect issue locally. If so, it is an rdp issue. Otherewise, it is a vpn/isp issue. I have seen late packets or packet loss cause rdp disconnects.
-
I echo what others have said about the necessity to upgrade--see what you need performance-wise and see if that matches the tco when you include licenses.
-
Maybe I should back up and ask how the following rule should be implemented--block any external requests from a single internal ip address, but allow internal traffic. I thought I had it set up correctly, but I'm beginning to doubt everything now.
-
So this is getting weird. Now the same rule set up the same way is allowing internal traffic, even to external--and nothing about this IP shows up in traffic monitor. Rule is as follows: Enabled, Connections Denied, From IP address to External1 and External2 (both individually specified, and the only configured external…
-
So I set up a rule as a test that would block all traffic from a particular IP address to Any External interface. But what seems to happen is that it is denying access from Internal and Trusted interfaces as well. The policy rule is above the default outgoing rule that allows anything. Not sure what I did wrong here. Would…
-
Thank you very much as always. Good to know about the BOVPN allow policy. I'll try it as I originally explained it and expect to have no issues. :) Thank you again.
-
Thank you James. We upgraded to an M300 and set the M200 aside for re-loading and use at a different site. I'll post back with the results once we complete the refresh.
-
If you can remote control a system at that site, you can run a speed test on that machine, but it is not the same as speed testing the way the ISP wants--directly at the tap.
-
I would simply block that student from all RDP access for a week. That will fix them.
-
Thank you! Seems quite easy. :)
-
Interesting. I think I'm understanding the concept, but would you mind giving an example so I know I've got it?
-
Gotcha. Thank you for the detailed information. I haven't tried to feed the firebox smaller chunks, but will try that as well.
-
Good to know. Ah yes, I just saw that nice little checkbox--sounds like a fun option to enable and watch. :) Geolocation sounds pretty nice. It's good to see it as an option. :) I wouldn't want to post it publicly, but feel free to message me. :) Yep, our current project will hopefully finish in the next year or so (we've…
-
Thank you! I'll check it out when I get a chance. :) As you mentioned the ports are already blocked, but it would be nice for them to get onto the blocked sites list automatically. Hmmm...in fact I have an idea--can I simply put all the ports we don't use on the blocked port list and have the firebox automatically add bad…
-
How would I use an Alias list? Set up the Alias with all the blocked IPs and then exclude that? Or another way? I'm just tired of seeing the the attempted exploits in traffic monitor from around the globe. It's sad that the government just doesn't stop this traffic as it has no legitimate reason to even be here 99% of the…
-
That 1000 limit might be the issue. I'll check the file and limit it and see what happens. If this is the case, what other methods could you think of that would end up with the same effect? A firewall rule perhaps?
-
I don't use policy manager, just the web ui. It's 11.10.4.B490278.
-
Thank you as always Bruce. :) Unfortunately, we have to run an older version of Fireware to support some legacy equipment, so this feature is not available. Hence the manual block list. Any ideas on how to get it to work?
-
Thank you for the reply James. The 22w was retired a long time ago and only had that one port issue once and that was it. The m200 is definitely having a software induced hardware issue like it is not booting properly as a couple of reboots will get it back to working correctly for a week or so. I have yet to plug in to…
-
For anyone that is reading, I think this issue is software versus hardware. Approximately every week now, one of our wan connections will just go from 'up' to 'down'. The other wan connection will continue to work. If you reboot the firebox, you may get any combination of the following: no ethernet ports to come up (link)…
-
I forgot to mention something odd that happened over the weekend as I was attempting to diagnose an IPsec tunnel that wouldn't come up. After checking logs on both sides and seeing that there was no communication in phase 1, I checked that particular external connection being used for the bovpn and saw that it was looking…
-
This doesn't sound right to me. If you have a spare static IP, assign it on a laptop and plug it in the VM Hitron and see what speeds you get. If you are still topping out at 250Mbs, then it is something on their end. If you are hitting 500Mbps, there is still something going on between the WG and the Hitron. I have an…
-
Looking at Firewatch and the interfaces at that time period should really narrow it down. I've seen activity like this before and then forgot some system was doing a large download or backup.
-
This statement doesn't make sense. I'd call linksys again and see if you get a better/different answer.
-
Thank you for clarifying! I knew there was some sort of program but didn't remember the exact name for it.
-
Unfortunately, we only had 1yr support included. And the problem only started a few months ago so it is outside of current support. It seems that getting the support renewed will cost more than a new box from the research I've done so far. :( Not sure if we just won't get a fortigate instead if this is the case.
-
I had to do a transfer of ownership before and it is pretty painless once you know the procedure. :)
-
Oh yeah, absolutely. And it had almost all the features as the m200 except xtm pro. But I think even a soho 6 would have worked under the tradeup program we used.