Comments
-
Well, I have Prevent Host Sensor Uninstallation enabled so I was unable to uninstall. Did some fiddling and got the TDR client removed from my machine. And yes, if I install the client by running the MSI installer, all settings work, so only changing the account UUID is not enough. I made a little script to uninstall…
-
I guess you did not start with the basics. Wow.
-
> @Cristiano said:
> our cluster ID is 50

Can't say if there is a conflict, but you can always try to change it. Just remember the cluster gets a new MAC address.
-
setup -> logging -> Diagnostic log level
-
Try to turn up logging on the FireCluster and management modules and see if anything should show up.
-
How are the two Fireboxes connected? Directly or via a switch? Do you have other equipment running VRRP?
-
The WatchGuard policy (policy type WG-Firebox-Mgmt) controls administrative connections to the device. By default, the WatchGuard policy allows management connections from the Any-Trusted or Any-Optional aliases. If you set the FireCluster Management Interface to a Trusted or Optional interface, the Management Interface IP…
-
@agentsmith We have a policy that lets about 1500 FQDN entries thru. .... Everything looks ok, the response IPs are correct. However, once in a while, some of these IPs keep getting blocked even though the firewall seems to have resolved the FQDN entries successfully. And these entries are located in Blocked sites…
-
I tried this on one of my devices ... it works, but wow, it is so slow when the Firebox has a lot of logging. In my case FSM nearly halts and is using 50% CPU when I enable regular expressions.
-
@James_Carson We found out why. FBX-14597: SSO Agent should support multiple Fireboxes. The SSO Agent does NOT support multiple Fireboxes, which means that all Authentication events are sent out to ALL attached Fireboxes since the SSO agent does not care who asked what.
-
@James_Carson Thank you. I am in contact with Ulf Schroeder regarding this issue as we cannot find anything indicating there should be traffic from these clients.
-
open a support case
-
@James_Carson Would it be a better solution to use DNS forwarding on the Firebox and set the Firebox to use conditional forwarding for our internal AD domain names? /Robert
-
@James_Carson If it's me you are asking, nearly all of my DNS traffic is going through IPsec VPN tunnels to the AD DNS servers. /Robert
-
I checked one of my Fireboxes which uses my internal MS AD DNS servers and it has these domain names in the cache: [155] 52.238.248.0 3600 82 NAA remain 0h:58m:32s 00000152 fe2.update fe2.update.microsoft.com.nsatc.net [156] 52.242.97.97 3600 253 NAA remain 0h:58m:35s 00000152 fe3cr.delivery.mp…
-
Thank you both, A filter it will be then. /Robert
-
Ahh, posting C:\Windows\temp*\veeamflr*.flat is missing a backslash when being posted here
-
Hi @lcameron That did not work for me, still getting the same error. /Robert
-
Technically it might be right, but it is confusing to understand the log when in fact there is no end user error.
-
Hi @Ralph Here is what I see when traffic is going through a fqdn packet filter vs. proxy with content exclusion. PROXY content exclusion: 2021-06-30 10:39:00 Webshop-HA1 Allow 172.16.1.38 51.105.114.167 https/tcp 53001 443 Internal network TDC-EXT ProxyAllow: HTTPS domain name match (HTTPS Internal-OUT-00)…
-
@Greggmh123 @James_Carson The SNI is the same as the FQDN, sni="angf225hyrme5n3xn5tbclqteu.a.ecaserver.eset.com". Could it be an issue that the TLS connection is not an RFC-standard SSL/TLS protocol connection, maybe?
-
@Greggmh123 I have tested with a /* at the end and it does not work. In fact I noticed even my exclusion for angf225hyrme5n3xn5tbclqteu.a.ecaserver.eset.com did not work all the time. Sometimes I got the Connect SSL Error [ret -1 | SSL err 1 | Details: ssl3_read_bytes/sslv3 alert handshake failure. What I have done now is…
-
@Greggmh123 All my exceptions have no /* at the end. It would not make sense to enter a /* at the end as this would refer to files and directories and not domains and hosts.
-
@James_Carson I did not have this in mind. I will look into this, thank you. /Robert
-
I am not sure I understand the logic to this?
-
@James_Carson Ahh, you are right! Thanks. /Robert
-
@Ralph There is some logic to this. The IPS alert is triggered when the destination host is a Synology NAS, and only a Synology device, and only when the source traffic is from the WG Authentication Server(s). All other SSO traffic to Windows SSO clients does not trigger this alert and normal SMB traffic to the same Synology…
-
And if I look closer, I see it's a new false positive and not the same signature ID. This is on traffic from the WatchGuard Authentication Server to the SSO client. /Robert
-
Hi @Ricardo_Arroyo Thank you for this explanation which makes sense in my case. I learned something new today. I have a zip file with the encryption tester which can be downloaded here: https://1drv.ms/u/s!AuOwdE3caya8heYrdk1Fyx1EWaA95Q?e=6n6te4 /Robert
-
@BrianLambeth I can't see why it should not work. Thin client and Windows 10 don't sound right? Windows 10 IoT Enterprise is a full version of Windows 10 that delivers enterprise manageability and security to IoT solutions. Windows 10 IoT Enterprise shares all the benefits of the worldwide Windows ecosystem. It is a binary…