Search found 35 matches

by anders s
10 Aug 2015, 16:07
Forum: SG Discussions
Topic: HA and vlans
Replies: 1
Views: 1605

Re: HA and vlans

No, unfortunately it is not
by anders s
01 Apr 2015, 12:51
Forum: Feature Requests / Product Enhancements
Topic: SMTP alerting
Replies: 3
Views: 3386

Re: SMTP alerting

It is possible to acheive those things with 3rd party tools such as ManageEngine Firewall Analyzer
by anders s
08 Sep 2014, 16:00
Forum: SG Discussions
Topic: best practice for multiple L2TP VPNs
Replies: 2
Views: 2264

Re: best practice for multiple L2TP VPNs

You could set up different VPN tunnels, this requires multiple external IPs and cOS Core 10.20 or later. If the users are in the same authentication source you can use the same VPN and filter the rules on user authentication.
by anders s
03 Jun 2014, 16:38
Forum: SG Discussions
Topic: VLANs between Interfaces
Replies: 2
Views: 2549

Re: VLANs between Interfaces

You need to enable Proxy ARP on the routes for the vlans. You should also use a interface Group with security/transport equivalent in the ip rules so that wireless clients can roam between the interfaces without loosing connections. It won't work if the AP relies on broadcast to find the controller.
by anders s
05 Dec 2013, 10:43
Forum: InControl Discussions
Topic: Log Analyzer results
Replies: 3
Views: 4087

Re: Log Analyzer results

Application Usage only contains information about identified applications so traffic from any rules without application Control will not be included. I have also noticed a lot of traffic to google, even when looking at destination IP I see a lot of traffic on port 80 to IPs with PTR of cache.google....
by anders s
05 Dec 2013, 10:30
Forum: SG Discussions
Topic: HTTPS ip policy with multiple WAN IP
Replies: 3
Views: 2964

Re: HTTPS ip policy with multiple WAN IP

If you wan't to use a destination IP that is published on interface G1 then destination interface would be G1. Only the IP that is set on an interface is associated with the core interface, ARP published IP's are assoicated with the interface they are published on. Clear huh? :) So the policy would ...
by anders s
29 Jul 2013, 14:44
Forum: SG Discussions
Topic: Problem with Clavister E7 with 2 WAN
Replies: 1
Views: 1872

Re: Problem with Clavister E7 with 2 WAN

You probably need to add a routing rule. Depending on how you placed the routes it may look something like this

add RoutingRule SourceInterface=g2 SourceNetwork=all-nets DestinationInterface=any DestinationNetwork=all-nets service=all_services ForwardRoutingTable=main ReturnRoutingTable=Default
by anders s
28 May 2013, 15:52
Forum: SG Discussions
Topic: SAT/NAT rule help!
Replies: 7
Views: 9589

Re: SAT/NAT rule help!

For future reference the rules should be something like this:

4 | sat_any-core_http | SAT |any | all-nets | core | 83.252.XXX.XXX | http-all
6 | nat_lan-core_http | NAT |lan | lannet | core | 83.252.XXX.XXX | http-all
5 | allow_any-core_http | Allow |any | all-nets | core | 83.252.XXX.XXX | http-all
by anders s
13 Feb 2013, 11:03
Forum: SG Discussions
Topic: HA VPN sync
Replies: 1
Views: 2309

HA VPN sync

The documentation for 10.11 is ambiguous, has the problem with state synchronization of ipsec been fixed in 10.11? cOS Core Administration guide 10.11.01 VPN Tunnel Synchronization In an HA cluster, there is synchronization between the master and slave Clavister Security Gateways for all VPN communi...
by anders s
18 Jan 2013, 09:19
Forum: SG Discussions
Topic: Strong authentication for vpn
Replies: 2
Views: 3342

Re: Strong authentication for vpn

A cheaper solution is to use L2TP over ipsec with client certificate authentication for ipsec (against the Clavister) and username/password authentication for L2TP (against radius). The client settings for this can be pushed with group policy preference. I haven't tested it on Mac but it should work...