1
20.1 Production Series / Re: Really a BAD realase.
« on: February 08, 2020, 09:21:29 pm »
Update went smoothly here. Can't even tell an update happened. All looks the same to me.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
19.7 Legacy Series / Re: VPN Help
« on: January 26, 2020, 11:36:50 pm »
No one...
I figured this is easy for the firewall masters out there.
I figured this is easy for the firewall masters out there.
3
19.7 Legacy Series / Re: VPN Help
« on: January 25, 2020, 04:52:16 pm »
adding the rule to OPT1 didn't help. See attached
I still get no hits in the log. I have both rules set to log events.
I still get no hits in the log. I have both rules set to log events.
4
19.7 Legacy Series / VPN Help
« on: January 25, 2020, 12:19:48 am »
I need help configuring rules to allow my Windows 2016 VPN server to be able to be accessed on my LAN. Outside users can access via PPTP or L2TP just fine, The VPN server is on OPT1 interface and the local subnet is on LAN.
All the required ports are open for VPN PPTP and L2TP access. I just cannot get any local computers to connect.
The VPN server IP is 192.168.1.101 and I would like to connect to LAN 192.168.100.0/24
The OPT1 interface is 192.168.1.0/24.
I see no hits in the live logs to help me figure it out and I tried floating rules, OPT1 rules, and LAN rules to open the path between these IP's with no luck and I have NAT Reflection enabled. Maybe a NAT Reflection problem?
I am probably just missing something. It's been a while since I needed to change rules.
Attached is an example of an OPT1 rule I tried with no success.
Any help would be appreciated?
All the required ports are open for VPN PPTP and L2TP access. I just cannot get any local computers to connect.
The VPN server IP is 192.168.1.101 and I would like to connect to LAN 192.168.100.0/24
The OPT1 interface is 192.168.1.0/24.
I see no hits in the live logs to help me figure it out and I tried floating rules, OPT1 rules, and LAN rules to open the path between these IP's with no luck and I have NAT Reflection enabled. Maybe a NAT Reflection problem?
I am probably just missing something. It's been a while since I needed to change rules.
Attached is an example of an OPT1 rule I tried with no success.
Any help would be appreciated?
5
19.7 Legacy Series / Re: GeoIP not Updating
« on: January 16, 2020, 06:07:58 pm »
Mine updated yesterday as well. I also had to recreate the alias and rule. Now seems to work ok.
6
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 12, 2020, 06:59:33 pm »
Would be nice if someone could post some GeoIP example rules.
I did seem to get it working, but I think my rules could be cleaner. Since floating rules don't include the local IP's, I have to have a rules for all the local nets before the GeoIP rules. Would be nice to include my own IP list into the Maxmind one.
I have to do this because my GeoIP rule is set to block all counties except US using an invert. See attached.
Is there a better way to handle this?
I did seem to get it working, but I think my rules could be cleaner. Since floating rules don't include the local IP's, I have to have a rules for all the local nets before the GeoIP rules. Would be nice to include my own IP list into the Maxmind one.
I have to do this because my GeoIP rule is set to block all counties except US using an invert. See attached.
Is there a better way to handle this?
7
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 08:17:51 pm »
I found a real disadvantage in using the invert GeoIP floating rule.
For example. I have a GeoIP rule which blocks every country except US and Canada for my Email ports (except 25). Doing this, any local IP's will not be in the Maxmind list so it will be blocked as well.
I am using a floating rule because I have multiple email servers and wanted the same GeoIP blocking for all of them.
So I either have to make a rule which allows all the local ports to pass before the GeoIP rule, or not use invert and have an enormous list in GeoIP.
Floating rules can be tricky to use due to the multiple interfaces and dual direction capabilities.
Any recommendations for the best approach here?
For example. I have a GeoIP rule which blocks every country except US and Canada for my Email ports (except 25). Doing this, any local IP's will not be in the Maxmind list so it will be blocked as well.
I am using a floating rule because I have multiple email servers and wanted the same GeoIP blocking for all of them.
So I either have to make a rule which allows all the local ports to pass before the GeoIP rule, or not use invert and have an enormous list in GeoIP.
Floating rules can be tricky to use due to the multiple interfaces and dual direction capabilities.
Any recommendations for the best approach here?
8
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 06:26:08 pm »
Started working after I changed the floating rule to block both directions. Seems most of the blocking was done by IDS already
9
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 05:53:36 pm »
@chemlud It works. Also tried China sites using WebSitePulse and they all work.
So that means the GeoIP is not functioning for me.
So that means the GeoIP is not functioning for me.
10
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 05:07:49 pm »
Tried recreating rule and alias, still no log entries for GeoIP.
Tried the shell command above and everything is correct. Just not seeing any blocks in the logs. Not sure if it is working or not.
Is there any other way to test this?
Tried the shell command above and everything is correct. Just not seeing any blocks in the logs. Not sure if it is working or not.
Is there any other way to test this?
11
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 10, 2020, 04:52:28 pm »
The GeoIP function does not seem to be working. There are no log entries and I use to see a ton of them before the change. Everything looks ok in the GeoIP Settings. Yes, the rule is set to log hits
Is there something I am missing or something else I need to do?
I have the rule set to block all countries except US with an invert. Same rule as before the change. Never get a hit on it and that's just not possible.
Attached is what my floating rule looks like. Please advise if this rule is wrong
Is there something I am missing or something else I need to do?
I have the rule set to block all countries except US with an invert. Same rule as before the change. Never get a hit on it and that's just not possible.
Attached is what my floating rule looks like. Please advise if this rule is wrong
12
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 09, 2020, 10:57:40 pm »
It is a brand new feature and it didn't work when it was used and we reported it. My suggestion of putting a note in the message was so others wouldn't also think it was an issue. The message looks like something went wrong.
13
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 09, 2020, 09:00:18 pm »
Mine finally updated after 2 hours. That somehow doesn't seem right. At least the devs should put that info in the notice that comes up.
14
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 09, 2020, 06:19:53 pm »
So how long did it take. Mine has been sitting for about 45 minutes
15
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 09, 2020, 05:45:30 pm »
I also just get the message pop-up. Using the URL in a browser works
Reboot also did not work. We need a patch
Reboot also did not work. We need a patch