Comments
-
@"james.carson" I figured it out. It’s Cloudflare proxy IPs where I have some overlaps. I am not worried about the listed IP addresses as they are all CF proxy IPs.
-
@WGM Just create an SMTP connector in O365 which allows SMTP from your public IP. A connector does not require any authentication at all. Robert
-
Thank you.
-
Hi, maybe this? Download the Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update and run it. This will replace/restore the msvcp100.dll with the most recent copy provided by Microsoft.
-
Why did you not verify the products meet your requirements before buying in the first place? /Robert
-
I can add a connector to enable SMTP relay from specific IPs. https://admin.exchange.microsoft.com/#/connectors /Robert
-
Thank you
-
From Meraki firewall info page: our network(s) 185.17.255.128/25, 64.62.142.12/32, 209.206.48.0/20, 216.157.128.0/20, 158.115.128.0/19 7351 UDP outbound Meraki cloud communication Access points, Cameras, MX Security Appliance, Switches Your network(s) Any api.meraki.com 443 TCP outbound API Requests Your network(s)…
-
Thanks, case created, 01774309.
-
You have to use 1 NPS policy per AD group, then only 1 group will be returned with filter id 11.
-
You can log to WG Cloud, but the basic license only includes 1 day retention, so most likely you have to install a log server, either Dimension or a syslog server. Of course it is also possible to buy a WG Cloud add-on log retention license.
-
I will comment on my own old post here. You will get "invalid EAP authentication protocol 0" if you connect from behind the Firebox with an IKEv2 mobile device and you have an existing IKEv2 BOVPN virtual connection configured where both endpoints are configured with static IPs to the same destination. This is with the…
-
The firewall denies the ESP packets from the remote side. Start by double-checking your gateways under the VPN tunnel configuration.
-
Thanks. We are quite happy with our current security solution for our endpoints (which is not WG) and have no plan to replace it.
-
Try rebooting the box
-
Yes, but is the Dimension set up to not allow new boxes to log data automatically?
-
Ahh... https://community.watchguard.com/watchguard-community/discussion/1959/tdr-what-is-the-road-map-for-this-product Maybe we get a free upgrade to replace the TDR? /Robert
-
Is the new box allowed to send logs to the Dimension?
-
News to me that TDR is going EoL. Replacing TDR with EPDR has a cost, and for us, we are currently using TDR running side by side with our local security product. /Robert
-
Hi @"james.carson" This looks like a bug in Fireware. It is not related to SNMP requests to the Firebox itself. Even when SNMP is disabled on the Firebox, the bsalg error is logged. This is caused if you have SNMP packets traversing your external (WAN) interface which is doing NAT, excluding any IPsec tunnels. SNMP packets…
-
@"james.carson" Thanks. I will do some tcpdump when I have some spare time to see what the box does with the traffic. /Robert
-
Hi, from FSM this should be possible. In Traffic Monitor, right-click and select event notifications. /Robert
-
@"james.carson" I have a little correction. Some users were in fact presented with the MFA box when logging in with SSLVPN (and never got a push message, of course), but others were not (including myself). /Robert
-
@"james.carson" We also had the issue. But during the failure when connecting with SSLVPN the pop-up to press P or OTP did not even show. So no 2-factor option was available. /Robert
-
@"james.carson" Thanks. Most of the heavy traffic (HTTPS) on my T20 devices is routed through my central device for scanning, so they are usually not that busy. Hopefully that's why I have not seen this issue. /Robert
-
It oddly is FAR easier to go from a T20 to an M5800 in about 90 seconds than it is from one V to another V.... I don't get it. Nothing you can do. You are right. And it's due to a new serial number.
-
You are concerned about security and yet let people connect with stolen Windows OS and not updated OS. Makes no sense.
-
We simply use the hardware tokens for staff with no phone or shared computer access, no big issue. And we use a 120 seconds authentication timeout. /Robert
-
@TestingTester can you elaborate? WG will go on and on about depreciated authentication (like text to mobile) and yet let you use a gmail address to get a password reset or token. Is this not more an internal company policy what you allow to use for e-mails? Can you elaborate? (I won't say brands as I have been reprimanded…
-
Hi @"james.carson" What if these users are local AD users? Then this option will not work. Are you saying we can add a non-existing e-mail to AD user accounts, let it get synced to the cloud and log in to the IDP portal with the AD username and password to activate the token? /Robert