Search found 35 matches

by anders s
15 Jun 2020, 14:48
Forum: Feature Requests / Product Enhancements
Topic: Capture non IP traffic (ARP, DHCP requests)
Replies: 2
Views: 454

Re: Capture non IP traffic (ARP, DHCP requests)

You can limit the data per packet with -snaplen, but I would also like to be able to use multiple filters and also exclusions (like netcon/ssh).
by anders s
21 Jan 2020, 15:56
Forum: SG Discussions
Topic: IPSec tunnel monitoring fails
Replies: 1
Views: 1698

Re: IPSec tunnel monitoring fails

Hi

Create two additional routing tables:
ipsec - contains the remote network over ipsec interface
wireless - contains the remote network over wireless interface with gateway and the network of the wireless interface

Create two routing rules:
from ipsec all-nets to any all-nets - forward main, return...
by anders s
23 Apr 2019, 12:41
Forum: InControl Discussions
Topic: Move SG to new InControl
Replies: 1
Views: 1555

Re: Move SG to new InControl

You won't be able to edit inherited objects as they are marked read-only; if you need to change them you have to create new objects. If the supplier still has the fw in InControl you will see "disallowed netcon connection" frequently in the CLI; you can disable netcon before rules and create a rule for u...
by anders s
28 Feb 2019, 11:00
Forum: SG Discussions
Topic: SSH packet dropped
Replies: 1
Views: 1095

Re: SSH packet dropped

You can add the IP to whitelist under Threat prevention\general\whitelist.
The root cause is probably that someone else has accessed the server through SSH and done something malicious from it. Search the log for category=blacklist to see if it is listed as botnet, scanner or DoS.
by anders s
02 Jan 2019, 11:36
Forum: SG Discussions
Topic: IPv6 Prefix delegation ?
Replies: 2
Views: 1735

Re: IPv6 Prefix delegation ?

The biggest problem is that Android does not support DHCPv6 (for stupid reasons) so you need a /64 network for your WLAN to support Android devices. It might be possible to route the /64 towards the Android network (with proxy ND towards ISP) and still route smaller subnets from the same /64 towards...
by anders s
23 Jul 2018, 11:06
Forum: SG Discussions
Topic: How can I display Current bandwidth usage per IP?
Replies: 7
Views: 3429

Re: How can I display Current bandwidth usage per IP?

There is no good solution that I am aware of. You can create a monitoring dashboard that shows which interface/vlan is using the bandwidth, start a packet capture on that interface and analyze in Wireshark to see which connection is using the most bandwidth.
by anders s
27 Apr 2018, 16:54
Forum: Feature Requests / Product Enhancements
Topic: Wildcards in cOS CLI
Replies: 6
Views: 4930

Re: Wildcards in cOS CLI

Something like this:

clavister:/> ipsec -show -pattern=*customerA* -includeinactive

--- IPsec SAs for *customerA*:

IPsec Tunnel        Local Network       Remote Network      Remote Endpoint     Status
------------------  ------------------  ------------------  ------------------  --------
customerA-sto       10.25.42.0/24       172.16....
by anders s
26 Apr 2018, 09:52
Forum: Feature Requests / Product Enhancements
Topic: Wildcards in cOS CLI
Replies: 6
Views: 4930

Re: Wildcards in cOS CLI

I would also like to be able to filter on a partial text string from the ipsec interface name, both in ike -show and, more importantly, in ipsec -show.
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering.
by anders s
17 Jan 2018, 16:23
Forum: SG Discussions
Topic: Routing to ARP published IPs
Replies: 5
Views: 2744

Re: Routing to ARP published IPs

If Webserver is on internal network you need SAT+NAT rules to trigger on the traffic from internal.

SAT|any|all-nets|G2|IP_13x|allowed-services|DST:SAT(Webserver)
Allow|G2|all-nets|G2|IP_13x|allowed-services|SRC:Auto
NAT|Internal|internal_net|G2|all-nets|allowed-services|SRC:Auto

Or

SAT|any|all-nets...
by anders s
12 Jan 2018, 16:21
Forum: SG Discussions
Topic: Question about SSL-VPN(v11.x)
Replies: 2
Views: 2242

Re: Question about SSL-VPN(v11.x)

The client routing options are saved in the configuration file, so the client needs to download and run the configuration file again.