Tag: Computer network
NetScaler Remote GSLB Service Shows as DOWN in Site configuration
If you do not see the request and response for this traffic on these ports on both NetScalers, the network/firewall devices in the path need to be reviewed by the network admin to determine the point of failure and open the communication.
Related:
SSLV integration with proxySG in explicit mode.
Dear Support,
We have deployed ProxySG in explicit mode in our network. The ProxySG IP is explicitly configured in the client web browser. Also, ProxySG is in a different network than the client network. Can someone suggest the best mode of SSLV deployment for this environment?
We have Symantec traffic on our links and need ProxySG SSL offloading.
Also, I have read that to integrate ProxySG with SSLV there are a bunch of requirements, like the ProxySG OS version being 6.7 or above. There is one other requirement I do not understand. It says there must be the same BIRTH certificates on both appliances. Could someone explain what that could mean?
Related:
The client will block traffic from IP address
The client will block traffic from IP address for the next 600 seconds, anything a MacBook connected to my network. It tries to scan over 500 ports/host. Any idea?
Related:
Arp Cache Poison being blocked on Mac
Anyone have any Macs in their environment that get these blocks? Seems this is happening when the Mac is connected via wireless and then connects to a wired network, making the MAC address table get DHCP for the same IP with different MAC addresses.
Related:
Traffic generated by the proxy SG with high dst ports 40xxxx to 60.xxx
Hi BC Community,
Analyzing different types of traffic in our network (proxies, firewalls, Snort), we detected connections generated by our proxy to the internal network (not internet – pub segment). These communications are made through high destination ports, 40.xxx to 60.xxx. Could someone tell us what kind of traffic this is or why it is generated?
Kind Regards
Security Team
Related:
Unmanaged Lab Network Firewall polices – Looking for ideas
We currently have 2 primary firewall policies, OnNet and OffNet. When OnNet (on the corporate network) the firewall is enabled but basically in Allow All mode. When OffNet (anywhere but the corporate network) the firewall is much more restrictive. We have an additional unmanaged network that we are trying to figure out how to deal with. We call it a Lab network and it is a combination of corporate laptops that come and go, as well as computers and devices that could have come from anywhere really: vendors, customers, etc. Some of them are computers, some of them are instruments, etc. Currently when on the “lab” network corporate computers are in OffNet mode. The issue is this: computers need to talk to devices while on that network that are consistently being blocked by the firewall. Sometimes the corporate computer initiates the connection, sometimes the other device initiates the connection. Nothing is consistent either, IPs, ports or protocols; the use case is very broad. What we don’t want to do is just turn the firewall off when they are on this network, but there is also no easy way to define what ports and protocols need to be allowed. Does anyone have any suggestions on how to deal with this?
Related:
Cyberoam: How to configure SSL VPN over IPsec site-to-site VPN
This article describes the steps of creating a point-to-point encrypted tunnel between a remote user and a company’s internal network as well as the end-to-end security of peer-to-peer connection using a combination of SSL certificates and a username/password for authentication.
Applies to the following Sophos products and versions
Webform – XG Firewall
| Configuration parameter | Value |
|---|---|
| SSL VPN range | 10.81.234.5-10.81.234.55 (10.81.234.0/24) |
| Local LAN network (Cyberoam1) | 192.168.31.0/24 |
| Remote LAN network (Cyberoam2) | 192.168.1.0/24 |
| Local WAN endpoint (Cyberoam1) | 202.160.165.92 |
| Remote WAN endpoint (Cyberoam2) | 59.181.97.115 |
Cyberoam1 (Baroda) configuration: 192.168.31.0/24
- Generate default Certificate Authority.
To generate the default Certificate Authority, go to System > Certificate > Certificate Authority, click Default CA, click Update, and then click OK to generate the default Certificate Authority.
- Configure SSL Global Parameters.
To set global parameters for tunnel access, go to VPN > SSL > Tunnel Access and configure tunnel access settings with the following values:
- Configure SSL VPN Policy.
To configure SSL VPN policy, go to VPN > SSL > Policy and click Add.
| Parameter | Value |
|---|---|
| Name | SSL Access |
| Access Mode | Tunnel Access |
| Tunnel Type | Split Tunnel |
| Accessible Resources | 192.168.31.0/24 & 10.81.234.0/24 |
- Apply the SSL VPN policy on a user.
To apply the SSL VPN policy on a user, go to Identity > Users > User and select the user to which policy is to be applied.
- Create IPSec connection.
To create a new IPSec connection, go to VPN > IPSec > Connection and click Add. Create the connection using the following parameters:
| Parameter | Value |
|---|---|
| Name | Baroda to Mumbai |
| Connection Type | Site to Site |
| Policy | DefaultHeadOffice |
| Action on VPN Restart | Respond Only |
| Authentication Type | Preshared Key |
| Preshared Key | Preshared Key should be the same on the remote end as well |
| Local WAN Endpoint | 202.160.165.92 |
| Remote WAN Endpoint | 59.181.97.115 |
| Local Subnet | 192.168.31.0/24, 10.81.234.0/24 |
| Remote Subnet | 192.168.1.0/24 |
- Required firewall rules.
  - LAN_VPN: Source = LAN & Destination = VPN, Network/Host = Any & Any, Action = Accept, then OK
  - VPN_LAN: Source = VPN & Destination = LAN, Network/Host = Any & Any, Action = Accept + MASQ, then OK
  - VPN_VPN: Source = VPN & Destination = VPN, Network/Host = Any & Any, Action = Accept, then OK
Cyberoam2 (Mumbai) configuration: 192.168.1.0/24
- Create IPSec Connection.
To create a new IPsec connection, go to VPN > IPSec > Connection and click Add. Create the connection using the following parameters:
| Parameter | Value |
|---|---|
| Name | Mumbai to Baroda |
| Connection Type | Site to Site |
| Policy | DefaultBranchOffice |
| Action on VPN Restart | Initiate |
| Authentication Type | Preshared Key |
| Preshared Key | Preshared Key should be the same on the remote end as well |
| Local WAN Endpoint | 59.181.97.115 |
| Remote WAN Endpoint | 202.160.165.92 |
| Local Subnet | 192.168.1.0/24 |
| Remote Subnet | 192.168.31.0/24, 10.81.234.0/24 |
- Required firewall rules.
  - LAN_VPN: Source = LAN & Destination = VPN, Network/Host = Any & Any, Action = Accept, then OK
  - VPN_LAN: Source = VPN & Destination = LAN, Network/Host = Any & Any, Action = Accept + MASQ, then OK
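The two connection tables above only work if they mirror each other: each side's local subnets must be the other side's remote subnets, the WAN endpoints must be swapped, the preshared key must match, and exactly one side should initiate after a restart. The SSL VPN pool (10.81.234.0/24) also has to be carried inside the IPsec selectors on both ends, otherwise a remote user's packets to the Mumbai LAN leave Baroda in the clear or are dropped. The script below is an added example, not a Cyberoam or Sophos tool; it models the article's two tables as plain dictionaries (the field names and the PSK placeholder are this example's own) and reports any mismatch before the tunnel is brought up.

```python
from ipaddress import ip_address, ip_network

# Constructed from the two connection tables in the article
# (Cyberoam1 = Baroda, Cyberoam2 = Mumbai). Field names are this
# example's own; the PSK is a placeholder, not a real secret.
PSK_PLACEHOLDER = "<shared-secret-placeholder>"

CYBEROAM1 = {
    "name": "Baroda to Mumbai",
    "restart_action": "Respond Only",
    "psk": PSK_PLACEHOLDER,
    "local_wan": "202.160.165.92",
    "remote_wan": "59.181.97.115",
    "local_subnets": ["192.168.31.0/24", "10.81.234.0/24"],
    "remote_subnets": ["192.168.1.0/24"],
}

CYBEROAM2 = {
    "name": "Mumbai to Baroda",
    "restart_action": "Initiate",
    "psk": PSK_PLACEHOLDER,
    "local_wan": "59.181.97.115",
    "remote_wan": "202.160.165.92",
    "local_subnets": ["192.168.1.0/24"],
    "remote_subnets": ["192.168.31.0/24", "10.81.234.0/24"],
}

# Address pool handed to SSL VPN users (the "SSL VPN range" row).
SSL_VPN_RANGE = ("10.81.234.5", "10.81.234.55")


def _nets(cidrs):
    # strict=True rejects a CIDR with host bits set (e.g. 192.168.31.5/24),
    # which is a common typo when transcribing selectors by hand.
    return {ip_network(c, strict=True) for c in cidrs}


def check_site_pair(a, b):
    """Return a list of mismatches between the two ends of a site-to-site
    IPsec connection. An empty list means the configurations mirror each other."""
    problems = []
    if a["local_wan"] != b["remote_wan"] or b["local_wan"] != a["remote_wan"]:
        problems.append("WAN endpoints are not mirrored between the two sites")
    if _nets(a["local_subnets"]) != _nets(b["remote_subnets"]):
        problems.append(f"{a['name']}: local subnets differ from peer's remote subnets")
    if _nets(b["local_subnets"]) != _nets(a["remote_subnets"]):
        problems.append(f"{b['name']}: local subnets differ from peer's remote subnets")
    if a["psk"] != b["psk"]:
        problems.append("preshared keys differ (IKE phase 1 will fail)")
    # One side initiates after a restart and the other responds; two
    # initiators race each other and two responders leave the tunnel down.
    if {a["restart_action"], b["restart_action"]} != {"Initiate", "Respond Only"}:
        problems.append("restart actions must be one Initiate and one Respond Only")
    return problems


def check_ssl_pool_over_tunnel(pool, hub, branch):
    """True when the whole SSL VPN pool lies inside a subnet the tunnel carries:
    a local subnet on the hub (where SSL users land) and the matching remote
    subnet on the branch, so return traffic from the branch LAN is encrypted."""
    first, last = ip_address(pool[0]), ip_address(pool[1])
    covered_on_hub = any(first in n and last in n for n in _nets(hub["local_subnets"]))
    covered_on_branch = any(first in n and last in n for n in _nets(branch["remote_subnets"]))
    return covered_on_hub and covered_on_branch


if __name__ == "__main__":
    for p in check_site_pair(CYBEROAM1, CYBEROAM2) or ["site pair OK"]:
        print(p)
    print("SSL VPN pool carried over the tunnel:",
          check_ssl_pool_over_tunnel(SSL_VPN_RANGE, CYBEROAM1, CYBEROAM2))
    # Constructed broken variant: both sides set to Initiate and a mistyped key.
    broken = dict(CYBEROAM1, restart_action="Initiate", psk="typo")
    for p in check_site_pair(broken, CYBEROAM2):
        print("broken:", p)
```

Run it as-is and the article's tables pass both checks; the constructed `broken` variant reports the key mismatch and the double-initiate error, which are the two mistakes most likely to survive a visual comparison of the two GUI screens.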
Final step: connect the SSL VPN client to access the local and remote firewalls’ resources
- Download and install the SSL VPN Client at the remote end.
Remote users can sign in to Cyberoam SSL VPN Portal by browsing to https://<WAN IP address of Cyberoam:port> and signing in.
- For Tunnel Access, the user reaches internal resources through an SSL VPN Client.
- Download the SSL VPN client from the Cyberoam website by clicking Installer.
- Download the client configuration from the portal.
- Install the client on the remote user’s system. On complete installation, the CrSSL Client icon appears in the system tray.
- Right-click the Client icon and click Import. Import the SSL VPN configuration downloaded from the Portal.
- Sign in to the Client and access the company’s internal network through SSL VPN.
Related:
ATP for Network
Hello,
For ATP Network inline block mode, how many IP addresses do we need? From the Symantec document I can see MGT & WAN inline interfaces. Why only on WAN?
Related:
Overload Traffic on Network monitor
Hi Experts, i need your help,
Is there any suggestion if you have very busy traffic on a network monitor that will cause the network monitor to become low on disk?
Every day I have long message time and low disk status or events;
see the file attachments for more details.
1. Do I need to add another network monitor server for this area to help this one? (I have 5 network monitors for 5 areas/our client regions.) If I really do need one more server, can I use a VM rather than a physical server again?
2. Or do I need a good new packet capture card for the network monitor?
3. Tuning up the policies?
4. Ask the NS team to filter the traffic?
thanks,