Comments
-
For Gmail I have had to create a policy for the traffic to go out from - printers, ATAs, Barracuda and yes...Dimension. The port is 587 not 465
-
That is a tough one. I have recently had a rash of (crap) with some overseas folks who simply roll their IP address seemingly by the second. So, we get a push from IP "A", then from "B" and on and on and on...so, what do we block and for how long? -removed section of comment - James C- While not the answer to your…
-
I know not the answer you are looking for....exactly. But, I know for a fact the OpenVPN Connect client can (OpenVPN is what WG is created from). I also find that 99.999999999% of users (and support) find the OpenVPN Connect system easier to troubleshoot and run day to day. Another option that is able to be run with…
-
You of course are aware that on the very site that you asked this question - ANYONE can download the client...right? (depending on domain policies I suppose). I carry it and OpenVPN on a USB...... plus, on the /sslvpn site you need a credential to download....
-
We block QUIC on all devices, period. (udp 80 and 443). Many of the features of the UTM packages do not support scanning of it...and, I have yet to find a website that requires it and only it (as opposed to TCP).
-
Easy, go into System Manager and copy the feature key to a text file...then you use System Manager to make any changes you want (start fresh from the build config wizard)...factory default the box, paste in your feature key and have a nice day...takes seconds.
-
Yes, works fine. Yes, I have done it, and yes...I would replace the T10. Even for just VPN...it on its own is a heck of a bottleneck for most environments (even home user, actually, especially home users who tend to move big bandwidth for their televisions and game consoles)
-
@Cristiano_D That was one of the key reasons we moved a few things to Okta. Our end users would just pound away at it (more so the overseas folks). For us it became a bit easier to use Okta for our security for many 'lower end' users. For folks with access to more than a few apps we are quite happy with AuthPoint and the…
-
What you are going to want to do is either make the PC static or make an IP reservation for the system on your DHCP Server. From there, it is in general (I think) easier to make an alias to contain your IP address for the system(s). I will also in general make separate TCP-UDP for staff, managers (as in they can get to…
-
Nice. I have found that for HOSTED IP I have not needed inbound rules. For onsite (Like Avaya) I have needed them. No matter what, even with an 'any' rule, I have always needed rules for SIP. Also, you may want to add a range (maybe). Many of the systems are going for 5061 and some randomly from 5060-9. We have had a…
-
@"james.carson" Being as his firmware is older, one might assume it is out of support...but, a packet filter does not need any of the UTM or licensed features. You are right that in theory, the traffic 'could' or even 'should' go out the device for voice (without the SIP-ALG I have never known any place who would need it).…
-
There is no reason at all that assuming you have a HyperV server, you just add Dimension to whatever you have, even if there is already a Dimension there. When you set up Dimension you assign it an IP address and that is what your boxes are going to communicate to - as they have to say "Here is my stuff" as opposed to the…
-
The key, remove them once you have your scan done. This is VERY easy and takes 10 seconds if you use System Manager and go to an older config (from just before your changes).
-
You are going to need to create a packet filter for the voice traffic. This filter in general will also need to be to the SPECIFIC addresses of the internal devices (if you are using handsets such as Polycom, Yealink....). What I typically do in a smaller environment is group the handsets with DHCP reservations, create a…
-
Do what all the rest of folks do....turn off IPS during the scan ;-) I wish I was kidding. I did have that fight with them a year or two ago. It turned into "our security is so good you can't get past our security to test our security then, right?". That was the end of the discussion. Or, you simply add the IPs to the IPS…
-
There was a 'known issue' with getting the WG feature keys with a semi-current version of the firmware. If you go to 12.8.B657104 I bet the system self corrects for you, it did for me in the exact same scenario.
-
Seriously, with AuthPoint the easiest thing to do is have your company set up as an Admin user and deactivate the other Admins who are no longer needed. I have tried in the past to move from a "Trial" to a full version on a company account (as opposed to VAR). None of the settings or anything came over...we gave it a few…
-
Some years ago we had that...every time a new XRay machine took a certain view. They forgot to shield the ceiling....took MONTHS to figure that one out. Then there was the time with the crushed ice machine near a switch.......
-
Yep, I have taken full configs off of M390s and put it on as small as a T20 and just changed the subnet information. Or, in a DR environment save the config, paste in a feature key and go.....but....whatever...who needs that?
-
I quite seriously have been seeing this frequently over the past couple of weeks. We onboarded some staff overseas (Pakistan and India). Even though Pakistan was blocked (yes on my SSL and IKE VPN policies) they were able to connect. A few users were running the VPN inside of a VPN, meaning they already had a VPN to…
-
Manual Host file...hey, do me a solid. Can you listen to "1999" from Prince when you create it? ;-P
-
Note! I got to peeking, I hated Synology DNS...well, I guess QNAP does not do it (maybe that is why I did not hate it?).
-
The box without question does handle DNS, albeit not as thorough as a Windows Server. In my experience, it is FAR more dependable than Synology but not as good as QNAP. The Synology interface for many of their entry SAN systems is not able to handle some of the mixtures of VLAN that I typically need, nor does the zone…
-
You can see that in Dimension...fast and free ;-)
-
You are aware that we (as a planet) are pretty much out of IPV4 and it would be easier to accomplish with V6? I do not play with RIPE often, but, I am pretty sure that with 4 you are SOL.
-
I had run into that over and over and over again - until I blocked the AP420 from talking to the outside at all (deny 'any' at the edge). After about 7 to 10 minutes it will look for the WLC in your firebox (2529udp) and you can configure it from there. Once done, assign an IP to the AP and it no longer tries to access the…
-
To be sure you get it.... ^[0-9a-zA-Z_.-]{1,256}\.DOMAIN-HERE\.com/
-
@James_S512 One possibility to be a bit more secure would be to have an AD group that is connected to Okta for access. There are a bit more options for Okta than there are for AuthPoint. We have a number of credentialed accounts (healthcare) where we have no option but to have multiple people in multiple locations access an…
-
This is security right? So, each person gets their own key. Or (and I would not allow this) just have your MSP be in an AD group that does not require 2FA.
-
@Bruce_Briggs The fact is if either side would work with DNS the tunnel should come to life. I would toss up an image of the one that I have with the double NAT....but, I can't get into the box from the outside ;-)