Search found 661 matches

by Peter
29 Jun 2020, 07:36
Forum: SG Discussions
Topic: Logs for IPsec
Replies: 1
Views: 80

Re: Logs for IPsec

Hello. Information about IPsec tunnel establishment can be found in primary two places. 1. Normal logs 1.1 Such as in the WebUI memory logs or if you have setup a log receiver for Syslog (e.g. InCenter) or our own log format using InControl. 2. The "ike -snoop <ip>" CLI command. Logs from #2 is reco...
by Peter
29 Jun 2020, 07:30
Forum: SG Discussions
Topic: IPv6 - Network Prefix Translation
Replies: 1
Views: 331

Re: IPv6 - Network Prefix Translation

Hello. Unfortunately i don't think this would be possible in the current version of the Firewall (we are currently at version 13.00.06). The main reason for that is due to the lack of IPv6 address translation capabilities. The only alternative i can think of at the moment would be to use DHCPv6 in o...
by Peter
25 Jun 2020, 16:21
Forum: SG FAQ's
Topic: Problem with ARP towards some Wi-FI Access Points
Replies: 0
Views: 145

Problem with ARP towards some Wi-FI Access Points

This FAQ applies to: cOS Core any version Question: We have started having problems with our Wi-Fi Access Points (AP) where clients are unable to connect to the Firewall/Internet through the Firewall. The log contains entries about ARP resolution failed. A log sample: 2020-06-25 08:24:30 +02:00 ARP...
by Peter
29 May 2020, 12:42
Forum: SG Discussions
Topic: Which URL filter is Clavister using?
Replies: 1
Views: 1130

Re: Which URL filter is Clavister using?

Hello. We are using "ContentKeeper" as vendor for our URL database/lookups. Please use the following URL in case you have a reclassification request(s): https://www.clavister.com/submit-url-reclassification Note: Currently (2020-05-29) this URL cannot be reached other than using the above link direc...
by Peter
19 May 2020, 11:05
Forum: SG FAQ's
Topic: Using IKEv2 roaming without installing a certificate on the client
Replies: 0
Views: 1571

Using IKEv2 roaming without installing a certificate on the client

This FAQ applies to: cOS Core version 13 and up. Question: I want to use the IKEv2 client in e.g. Windows, but i do not want to install a certificate on all my clients. Is there a way to bypass this requirement? Answer: Using PSK (pre-shared key) for the IKEv2 tunnel in Windows is not possible as i...
by Peter
19 May 2020, 10:41
Forum: Feature Requests / Product Enhancements
Topic: Scheduled deployments in InControl
Replies: 3
Views: 4323

Re: Scheduled deployments in InControl

Hello Dirk.

This feature request has not been implemented yet. It was initially in the roadmap but due to various reasons, changes, requirements and whatnot it was removed.

So currently we do not have any plans for it's implementation (Note: New developer ID is ICC-7622).

/Peter
by Peter
09 Apr 2020, 16:20
Forum: SG FAQ's
Topic: Problems to receive DHCP address
Replies: 2
Views: 6960

Re: Problems to receive DHCP address

Note4: We encountered a situation towards a Swedish ISP that was sending the DHCP replies from the DHCP server with TTL=1. By default cOS Core only allows a TTL of 3 or higher. In order to get this to work the TTLMin setting must be lowered from 3 to 1 or the "TTL on Low" setting be set to "ignore"...
by Peter
08 Apr 2020, 12:47
Forum: SG Discussions
Topic: SSL VPN Speed
Replies: 2
Views: 4004

Re: SSL VPN Speed

Hello. Unfortunately yes, this is an expected behavior. Our current SSL-VPN implementation is running over TCP which means you risk running into a problem when you run TCP in TCP. And if the user is behind a shaky connection e.g. a 3G connection, Wi-fi etc. the problem with will be amplifie and make...
by Peter
13 Mar 2020, 07:28
Forum: SG Discussions
Topic: HTTP over HTTPS blocked
Replies: 2
Views: 2371

Re: HTTP over HTTPS blocked

Also if the application is using HTTP encapsulated by HTTPS, it should "reasonably" not be a problem as we are not decrypting HTTPS as that would require a different approach such as a MiM (man-in-the-middle) system. Clavister NetEye can do HTTPS inspection.

/Peter
by Peter
13 Mar 2020, 07:25
Forum: SG Discussions
Topic: HTTP over HTTPS blocked
Replies: 2
Views: 2371

Re: HTTP over HTTPS blocked

Hello. It sounds like the problem is on the service that you are using on your IP rule/policy. It is only set to allow HTTPS but not HTTP and this application seems to want to use HTTP. Remember that things can be a bit confusing when it comes to IP rules and IP policy's. Basically IP rules = old me...