Comments
-
www..philcrean.com is a ip 199.181.197.12, but 199.181.197.11 gets blocked as botnet. 2022-06-29 13:46:41 Webshop-HA1 Deny 172.16.1.46 199.181.197.11 https/tcp 59773 443 Internal network Firebox blocked sites 52 127 (HTTPS Internal-OUT-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 1171939557 win…
-
Yes, it is. Last time (which is a couple of years ago) I had too many stability issues with the WebBlocker VM so I ended up going back to the cloud option. /Robert
-
Thank you.
-
Last week I had a quote from Meraki as we needed 29 more switches. Their prices have gone through the roof. Same switch, same service as we bought before is now 120% more expensive. They ended up giving me a 20% discount from the 120% increased price. I told them forget it - we are going to buy from another vendor - and that's…
-
Hi @Dantheman No, it has only been acknowledged as a bug. I guess this is a low priority and no other customers are running HA within a VMware environment. /Robert
-
I don't think this is possible.
-
I do not know much about cipher suites, but I can read GCM is preferred over CBC and has been for years. But I also see Windows still uses these ciphers as default: TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA Guess Windows has it due to…
-
I was not aware of that, what ciphers is the server using? Maybe WG is low on support and engineering people, as many others are, combined with many (new) products.
-
Makes sense, thanks.
-
@PhilT_VIT My partner delivers the license the second they have it, the waiting process is for the partner to get the feature key, and since it is 100% a software solution with the FireboxV my point is this should simply be a click and get key for the partner. Just like with Microsoft licenses. /Robert
-
To all others.... FBX-23368 : FireboxV Firecluster backup master responding to ARP requests with VRRP address
-
You can only use Dimension as the VM image WatchGuard provides.
-
If the dimension db is not huge, a database export and import on a new Synology VM might be safer and faster
-
To be fair you are asking to be educated on the product, which is not the main purpose for support. Basic network knowledge is required and all product documentation is online 24/7. My 3 steps are the answer to your question.
-
Tcpdump shows the backup master replies to ARP requests for the primary VRRP address, which it MUST NOT do when being in backup mode (per RFC). This would explain why I am seeing network issues. So I am the first customer to run HA on VMware?
-
I always use manual BOVPNs. Don't use WSM for this part.
-
As Bruce says, this is standard SIP traffic.
* Create an HTTP and HTTPS filter policy allowing traffic to the domain names in the list.
* Create a custom policy allowing UDP 5060, TCP 5060 and TCP 5061 to the domain names in the list
* Create a custom policy allowing UDP 30000-65000 to the domain names in the list
This is…
-
Happened again today after 2 days uptime. A failover solved it - I know a GARP is sent out, but as the vSwitches don't know the actual MAC address and only the MACs from the interfaces which are connected to it, it should not matter what MAC address is being used as long as Promiscuous mode is enabled. At the same time I can…
-
I can answer my own question - either way the cluster is running, the VMAC is used. In my case 00:00:5E:00:01:33.
-
I have been searching and the above would indicate Promiscuous mode has not been enabled on the vSwitches before the Fireboxes were booted up. I can see Fireware checks for Promiscuous mode. Checking VMAC stuff for MGMT IF vlan1 PROMISC mode is enable. Check ok, 00:50:56:00:00:01 is in maddr list of vlan1 Done check VMAC…
-
I am using 6 x vCPUs and it's sitting around 26% CPU usage when just receiving logs from the devices. Memory is set to 8GB. The database is 1.9TB in size. At some point I had WG support fine-tune the database settings as some routines would crash.
-
Can't I just use the OTP option to enter the OTP from the AuthPoint app?
-
I use SD-WAN on nearly all my T20s to route http(s) traffic via my M370 cluster for scanning, so my smaller devices might not be using as many resources on scanning as yours. Only Office 365 and other very specific http(s) traffic is routed directly through the T20 with scanning.
-
Odd. I have 35 T20s running 12.8 U1 and so far I have not had issues. They are running basic security suite.
-
Thank you
-
We are running Meraki wifi everywhere and have been a happy customer for nearly 8 years. Still have many old MR18 APs running though out of SW support. Soon time for an upgrade to newer Meraki APs. We are also using their switches in all our retail stores and again very happy with the management capabilities, but we also…
-
@"james.carson" Thank you for the clarification. I have a remote location where my IKE tunnels started to have extremely high packet loss, but everything else is working normally - that is, non-encrypted traffic. And only my virtual interfaces have errors, both TX and carrier, and all physical interfaces are running smoothly. It…
-
Thank you
-
No, but last week I had TDR killing the OneDrive process as a threat :)
-
Very good idea. You can set time schedules on policies but not as advanced as you describe, which would be a feature I could use. Back when I was using Juniper I always liked the possibility, when saving a new configuration, to auto roll back within X minutes, if you did not acknowledge the new configuration after…