Search found 33 matches

by anders s
23 Apr 2019, 12:41
Forum: InControl Discussions
Topic: Move SG to new InControl
Replies: 1
Views: 731

Re: Move SG to new InControl

You won't be able to edit inherited objects as they are marked read-only; if you need to change them you have to create new objects. If the supplier still has the fw in InControl you will see "disallowed netcon connection" frequently in the CLI; you can disable netcon before rules and create a rule for u...
by anders s
28 Feb 2019, 11:00
Forum: SG Discussions
Topic: SSH packet dropped
Replies: 1
Views: 661

Re: SSH packet dropped

You can add the IP to whitelist under Threat prevention\general\whitelist.
The root cause is probably that someone else has accessed the server through SSH and done something malicious from it. Search the log for category=blacklist to see if it is listed as botnet, scanner or DoS.
by anders s
02 Jan 2019, 11:36
Forum: SG Discussions
Topic: IPv6 Prefix delegation ?
Replies: 2
Views: 1273

Re: IPv6 Prefix delegation ?

The biggest problem is that Android does not support DHCPv6 (for stupid reasons) so you need a /64 network for your WLAN to support Android devices. It might be possible to route the /64 towards the Android network (with proxy ND towards ISP) and still route smaller subnets from the same /64 towards...
by anders s
23 Jul 2018, 11:06
Forum: SG Discussions
Topic: How can I display Current bandwidth usage per IP?
Replies: 7
Views: 2309

Re: How can I display Current bandwidth usage per IP?

There is no good solution that I am aware of. You can create a monitoring dashboard that shows which interface/vlan is using the bandwidth, start a packet capture on that interface and analyze in Wireshark to see which connection is using the most bandwidth.
by anders s
27 Apr 2018, 16:54
Forum: Feature Requests / Product Enhancements
Topic: Wildcards in cOS CLI
Replies: 6
Views: 3110

Re: Wildcards in cOS CLI

Something like this:
clavister:/> ipsec -show -pattern=*customerA* -includeinactive
--- IPsec SAs for *customerA*:
IPsec Tunnel       Local Network      Remote Network     Remote Endpoint    Status
------------------ ------------------ ------------------ ------------------ --------
customerA-sto      10.25.42.0/24      172.16....
by anders s
26 Apr 2018, 09:52
Forum: Feature Requests / Product Enhancements
Topic: Wildcards in cOS CLI
Replies: 6
Views: 3110

Re: Wildcards in cOS CLI

I would also like to be able to filter on a partial text string from the ipsec interface name, both in ike -show and, more importantly, in ipsec -show.
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering.
by anders s
17 Jan 2018, 16:23
Forum: SG Discussions
Topic: Routing to ARP published IPs
Replies: 5
Views: 2086

Re: Routing to ARP published IPs

If Webserver is on internal network you need SAT+NAT rules to trigger on the traffic from internal.
SAT|any|all-nets|G2|IP_13x|allowed-services|DST:SAT(Webserver)
Allow|G2|all-nets|G2|IP_13x|allowed-services|SRC:Auto
NAT|Internal|internal_net|G2|all-nets|allowed-services|SRC:Auto
Or
SAT|any|all-nets...
by anders s
12 Jan 2018, 16:21
Forum: SG Discussions
Topic: Question about SSL-VPN(v11.x)
Replies: 2
Views: 1672

Re: Question about SSL-VPN(v11.x)

The client routing options are saved in the configuration file so the client needs to download and run the configuration file again.
by anders s
30 Oct 2017, 12:53
Forum: SG Discussions
Topic: Routing
Replies: 2
Views: 1451

Re: Routing

Create a secondary routing table that only has the default route for aux, and set "outbound routing table" on the ipsec interface to the secondary routing table.
by anders s
30 Oct 2017, 12:51
Forum: SG Discussions
Topic: Forward traffic from WAN to WAN
Replies: 2
Views: 1911

Re: Forward traffic from WAN to WAN

You need a SAT + NAT rule, otherwise the response will be sent from the new server directly to the client and will not be allowed by either the client's firewall or the client.