Solved

PIX 515 Always shows 'Land attack' alarm.

Posted on 2008-10-07
14
1,857 Views
Last Modified: 2012-05-05
Hi! After natting (pat) the inside network to a single outside ip-address, I lost the ssh connection to the pix-device. After logging in via the console interface I see the continuing syslog alarms about the land attack.

Oct 07 2008 11:14:33: %PIX-2-106017: Deny IP due to Land Attack from x.x.118.12 to x.x.118.12

So, I suppose there aren't any hackers around. Can anyone explain what the hell happening?
Now we have lags on the inside network and no access to pix via ssh, maybe some more problems that I still haven't discovered.

I am including the important part of the config below.

Must say that we use Cisco 3750 as a lan switch (with all the intervlan routing, the default-gateway for all the hosts is 10.x.1.1 of the PIX). After the OUTSIDE interface we got the kind of Cisco 7600 where default gateway is known via bgp and network address used for natting is known via the static route (255.255.255.255).

I have searched the Net about the problem, but the answers to the equal issue are, in most cases, lame.
There goes the partial configuration.

!--------

interface Ethernet0.173

 vlan 666

 nameif OUTSIDE

 security-level 10

 ip address x.x.x.4 255.255.255.240 

 ospf message-digest-key 1 md5 <removed>

 ospf authentication message-digest

!
 

interface Ethernet1.110

 vlan 222

 nameif LAN

 security-level 50

 ip address 10.x.1.1 255.255.255.248 standby 10.x.x.2 

!
 

# the only default gateway

route OUTSIDE 0.0.0.0 0.0.0.0 x.x.x.1 1
 

access-list zzz extended permit ip 10.x.2.0 255.255.255.0 any 

global (OUTSIDE) 5 195.x.x.12

nat (LAN) 5 access-list zzz

Open in new window

0
Comment
Question by:poletay
  • 5
  • 4
  • 4
  • +1
14 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
Comment Utility
Hi.

Do you have any idea where the traffic that generates the alarm comes from?
As you have probably already found out "This message appears when PIX Firewall receives a packet with the IP source address equal to the IP destination and the destination port equal to the source port"
(source: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm)
This is the basic design of the PIX and can't be shut off.

I would go about finding out where this message is coming from and why the pix thinks it is an attack.
The problem would occur for example if you host a website on your inside network and try to access it from your inside network through the outside IP address of the pix.
You might need to find a work around for the situation or maybe the service causing trouble is no longer required and can be shut off.

Good luck in your efforts.

JG
0
 
LVL 32

Expert Comment

by:harbor235
Comment Utility


Did you try to ssh to yourself? You most likey have a shun in your config now blocking all traffic to x.x.118.12. Do a sh shun, from a console connection to see if the firewall is blocking that IP.

harbor235 ;}

0
 

Author Comment

by:poletay
Comment Utility
Hello everybody and thanks for the comments! We have a bypassing rule. I am attaching the config part with that. Do you think there is a host with an exclusive address (not included in the acl) that tries to communicate with some usual member of the (LAN) interface? I might try to discover if anybody is using secondary ip address.
'#show shun' returns nothing...
access-list BYPASS line 1 extended permit ip 10.x.0.0 255.255.0.0 10.x.0.0 255.255.0.0

access-list BYPASS line 2 extended permit ip 10.x.0.0 255.255.0.0 10.y.0.0 255.255.0.0

access-list BYPASS line 3 extended permit ip 10.x.0.0 255.255.0.0 10.z.0.0 255.255.0.0

access-list BYPASS line 4 extended permit ip 10.x.0.0 255.255.0.0 192.168.x.0 255.255.255.0
 

nat (LAN) 0 access-list BYPASS

Open in new window

0
 

Author Comment

by:poletay
Comment Utility
Also, I noticed some strange message about my own ip address (10.x.z.2) being spoofing. 10.x.y.1 is the address of the PIX

Oct 08 2008 06:00:05: %PIX-2-106016: Deny IP spoof from (10.x.y.1) to 10.x.z.2 on interface KVS

Open in new window

0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
It sounds like your PIX might be malfunctioning... contact Cisco TAC and have them analyze this with packet captures and such. They will be able to determine if your device is malfunctioning.
I recommend that you do this as your next step because this is a very strange combination of "attacks" that seem to come from inside... Is this a network that has untrusted users or is this a secured business network?
Please let me know so I can help!
Cheers!
0
 

Author Comment

by:poletay
Comment Utility
This is the physically secured business network. Users are under AD/windows and cannot modify network settings, MS ISA guards the traffic, antivirus software enabled.
When using packet tracer in Cisco ASDM, I see some rules are being ignored in inbound acl, so it drops the packets by the implicit "deny any to any" rule. That's why I can't ssh.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
Hmmm... that's rather disturbing then... you neet to contact TAC and get a full diagnostic run on the unit. There's got to be some problem with the PIX. I've seen this before and all 3 times we RMA'd the PIX. The new unit with the same config worked fine.
Get this fixed immediately - I don't want anything bad happening, and from what it sounds like, your PIX could poop out at any time.
Best of luck, I hope my advice has helped.
Cheers!
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
BTW I've only seen this on 2 515s and on 1 525... it doesn't seem to happen to the smaller ones for some reason. I'm not sure why it would affect the bigger units more (as the have ample cooling), but it does seem to.
Like I said, get TAC to check this out - that's not normal.
0
 
LVL 32

Expert Comment

by:harbor235
Comment Utility

Number one, there has been a lot of security advisories for Cisco products lately, I hope that you are operating from one of the latest and most stable versions of IOS, if not I would upgrade first.

Interface KVS is reporting this potential attack,, perhaps there is actual traffic being spoofed here. Look at your arp tables on the KVS network, look for an association to 10 x.y.1 that is different then the mac address on the firewall. interface,  If there is spoofed traffic then he will most likely have a different mac.
The key is to perform packet captures, know the mac adddress of the firewall and look for something different then the mac of the firewall then trace that mac address to a switch port and identify the host.

Also, I see you are using an active/standby configuration, did the config change sync properly? Have they went active active? Reboot the standby, make sure when the secondary comes up that it is sync'd properly then reset the Primary, make sure failover is working properly and all interfaces are monitored. Why does your config not have the failover IP for the outside interface? Can you post show failover? Could be a contention issue between the firewall pair.
Can we see the rest of your config?

harbor235 ;}

0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
Yes, please do post your running-config again... I'd like to take a look at it with those changes. Maybe we missed something.
0
 

Author Comment

by:poletay
Comment Utility
Hello to everyone. Thanks for ya comments. I localized problem cause to be at least three hosts and one of them is my own (look at acl TTK). Also, I noticed that now problem persist at night, beyond the working hours.

kln6-fw00# show ver

Cisco PIX Security Appliance Software Version 7.2(2)19
Device Manager Version 5.2(1)

Compiled on Fri 06-Apr-07 17:27 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Here's the most of the config, I ommited the other interfaces and the inbound acl tor outside interface. Nothing interesting there. Sorry, I can't disclose any real details.
hostname pixla

enable password /WEhTX4SoRXT89jB encrypted

names

dns-guard
 

interface Ethernet0

 description ------ OUTSIDE

 no nameif

 no security-level

 no ip address

!

interface Ethernet0.zzz

 description ----- OUTSIDE link

 vlan zzz

 nameif OUTSIDE

 security-level 10

 ip address (real).(net).184.4 255.255.255.240 

 ospf message-digest-key 1 md5 kazcing

 ospf authentication message-digest

!

interface Ethernet1.yyy

 vlan yyy

 nameif LAN

 security-level 50

 ip address (fake).(net).110.1 255.255.255.248 standby (fake).(net).110.2 

!

passwd 7KjQDb2Id8.3KYRU encrypted

banner motd Hostname $(hostname).$(domain)

boot system flash:/image.bin

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).0.0 255.255.248.0 

access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).64.0 255.255.248.0 

access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).16.0 255.255.240.0 

access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(ten).14.0 255.255.255.0 

access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).36.0 255.255.255.0 

access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(net).0.0 255.255.0.0 

access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).0.0 255.255.0.0 

access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(two).0.0 255.255.0.0 

access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(ten).14.0 255.255.255.0 

access-list BYPASS_LOCAL extended permit ip (fake).(net).3.0 255.255.255.0 (fake).(ten).122.0 255.255.255.248 

access-list BYPASS_LOCAL extended permit ip any (fake).(net).0.0 255.255.0.0 

access-list DENGA_STATION extended permit ip (fake).(net).81.64 255.255.255.192 any 

access-list DENGA_STATION extended permit ip (fake).(net).34.0 255.255.255.0 (real).(net).184.0 255.255.255.0 

access-list DENGA_STATION extended permit ip (fake).(net).32.0 255.255.255.0 any 

access-list DENGA_STATION extended permit ip (fake).(net).34.0 255.255.255.0 (real).(net).128.0 255.255.224.0 

access-list DENGA_STATION extended permit ip (fake).(net).34.0 255.255.255.0 10.246.0.0 255.255.0.0 

access-list LAN_access_in extended permit ip (fake).(net).34.0 255.255.255.0 any 

access-list LAN_access_in extended permit ip any object-group Support 

access-list LAN_access_in extended permit icmp (fake).(net).1.0 255.255.255.0 (fake).(net).100.0 255.255.255.0 

access-list LAN_access_in extended permit ip (fake).(net).1.0 255.255.255.0 (fake).(net).100.0 255.255.255.0 

access-list LAN_access_in extended permit ip (fake).(net).1.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 

access-list LAN_access_in extended permit ip (fake).(net).32.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 

access-list LAN_access_in extended permit ip (fake).(net).33.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 

access-list LAN_access_in extended permit ip (fake).(net).35.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 

access-list LAN_access_in extended permit ip (fake).(net).73.0 255.255.255.0 host (fake).(net).72.254 

access-list LAN_access_in extended permit ip host (fake).(net).73.12 host (fake).(net).3.6 

access-list LAN_access_in extended permit tcp host (fake).(net).32.14 host (fake).(net).72.254 eq ssh 

access-list LAN_access_in extended permit ip host (fake).(net).32.60 host (fake).(net).72.254 

access-list LAN_access_in extended permit tcp host (fake).(net).34.2 host (fake).(net).72.254 

access-list LAN_access_in extended permit tcp host (fake).(net).32.166 host (fake).(net).72.254 eq ssh 

access-list LAN_access_in extended permit tcp host (fake).(net).32.166 host (fake).(net).72.254 eq telnet 

access-list LAN_access_in extended permit tcp host (fake).(net).32.166 host (fake).(net).72.254 eq 8001 

access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq ssh 

access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq ftp 

access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq 8001 

access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.226 eq 2300 

access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq 8000 

access-list LAN_access_in extended permit icmp host (fake).(net).110.3 host (fake).(net).3.6 

access-list LAN_access_in extended permit ip (fake).(ten).122.0 255.255.255.248 host (fake).(net).3.19 

access-list LAN_access_in extended deny ip any (fake).(net).100.0 255.255.255.0 

access-list LAN_access_in extended deny ip any host (real).(net).184.19 

access-list LAN_access_in extended deny ip any host (real).(net).184.18 

access-list LAN_access_in extended deny ip any host (real).(net).184.17 

access-list LAN_access_in extended deny ip any (fake).(net).3.0 255.255.255.0 

access-list LAN_access_in extended deny ip any 10.222.0.0 255.255.0.0 

access-list LAN_access_in extended permit ip host (fake).(net).32.21 (fake).(net).0.0 255.255.0.0 

access-list LAN_access_in extended permit tcp host (fake).(net).32.21 83.217.39.0 255.255.255.0 

access-list LAN_access_in extended deny ip host (fake).(net).32.21 any 

access-list LAN_access_in extended permit ip (fake).(net).100.0 255.255.255.0 host (fake).(net).3.19 

access-list LAN_access_in extended permit udp any any eq domain 

access-list LAN_access_in extended permit ip host (fake).(net).81.66 any 

access-list LAN_access_in extended permit ip any host (fake).(net).34.2 

access-list LAN_access_in extended permit ip (fake).(net).32.0 255.255.252.0 any 

access-list LAN_access_in extended permit ip host (fake).(net).1.8 any 

access-list LAN_NAT_SRV extended permit udp host (fake).(net).1.6 any eq domain 

access-list LAN_NAT_SRV extended permit tcp host (fake).(net).1.6 any eq 123 

access-list LAN_NAT_SRV extended permit udp host (fake).(net).1.6 any eq ntp 

access-list LAN_NAT_SRV extended permit tcp host (fake).(net).1.10 host 80.253.4.44 eq www 

access-list KP extended permit ip host (fake).(net).1.130 any 

access-list TTK extended permit ip host (fake).(net).34.2 any 

access-list TTK extended permit ip host (fake).(net).34.50 any 

access-list TTK extended permit ip host (fake).(net).34.113 any 

pager lines 42

logging enable

logging timestamp

logging buffer-size 65535

logging console critical

logging monitor errors

logging buffered debugging

logging trap informational

logging asdm warnings

logging queue 1025

logging host LAN (fake).(net).1.6

mtu OUTSIDE 1500

mtu LAN 1500

ip local pool remote_users (fake).(net).48.2-(fake).(net).48.254 mask 255.255.255.0

ip local pool remote_admin (fake).(net).100.176-(fake).(net).100.184 mask 255.255.255.248

failover

failover replication http

failover link FAILOVER Ethernet5

failover interface ip FAILOVER (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206

monitor-interface OUTSIDE

monitor-interface LAN

icmp unreachable rate-limit 1 burst-size 1

asdm image flash:/asdm-521.bin

asdm history enable

arp timeout 14400

nat-control

global (OUTSIDE) 3 (real).(net).184.10

global (OUTSIDE) 2 (real).(net).184.12

global (OUTSIDE) 4 (real).(one).190.30

global (OUTSIDE) 5 (real).(two).118.12

nat (OUTSIDE) 0 access-list in-out

nat (LAN) 0 access-list BYPASS_LOCAL

nat (LAN) 3 access-list LAN_NAT_SRV

nat (LAN) 2 access-list DENGA_STATION

nat (LAN) 4 access-list KP

nat (LAN) 5 access-list TTK

static (LAN,OUTSIDE) tcp (real).(net).184.12 7000 (fake).(net).81.67 7000 netmask 255.255.255.255 

static (LAN,OUTSIDE) tcp (real).(net).184.12 64221 (fake).(net).32.221 3389 netmask 255.255.255.255 

static (LAN,OUTSIDE) tcp (real).(net).184.12 3389 (fake).(net).34.113 3389 netmask 255.255.255.255 

static (LAN,OUTSIDE) tcp (real).(net).184.12 3390 (fake).(net).32.15 3389 netmask 255.255.255.255 

static (LAN,OUTSIDE) tcp (real).(net).184.12 3391 (fake).(net).32.30 3389 netmask 255.255.255.255 

static (LAN,OUTSIDE) tcp (real).(net).184.12 3392 (fake).(net).32.33 3389 netmask 255.255.255.255 

static (LAN,OUTSIDE) tcp (real).(net).184.12 6888 (fake).(net).34.2 3389 netmask 255.255.255.255 

static (LAN,OUTSIDE) (real).(net).184.10 (fake).(net).1.8 netmask 255.255.255.255 

static (LAN,OUTSIDE) (real).(one).190.31 (fake).(net).1.6 netmask 255.255.255.255 

access-group from_outside in interface OUTSIDE

access-group LAN_access_in in interface LAN

route OUTSIDE 0.0.0.0 0.0.0.0 (real).(net).184.1 1

route LAN (fake).(net).33.0 255.255.255.0 (fake).(net).110.3 1

route LAN (fake).(net).1.0 255.255.255.0 (fake).(net).110.3 1

route LAN (fake).(net).32.0 255.255.255.0 (fake).(net).110.3 1

route LAN (fake).(net).34.0 255.255.255.0 (fake).(net).110.3 1

route LAN (fake).(net).35.0 255.255.255.0 (fake).(net).110.3 1

route LAN (fake).(net).73.0 255.255.255.0 (fake).(net).110.3 1

route LAN (fake).(net).81.64 255.255.255.192 (fake).(net).110.3 1

route LAN (fake).(ten).122.0 255.255.255.248 (fake).(net).110.3 1
 

router ospf 10

 network (fake).(net).100.0 255.255.255.0 area 0

 network (real).(net).184.0 255.255.255.240 area 0

 log-adj-changes

 redistribute static

!

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

group-policy remote_admin internal

group-policy remote_admin attributes

 dns-server value (fake).(net).1.6 (fake).(net).1.8

 ip-comp enable

 split-tunnel-policy tunnelall

 default-domain value some.dummy.dj

 client-firewall none

group-policy remote_users internal

group-policy remote_users attributes

 dns-server value (fake).(net).1.6 (fake).(net).1.8

 ip-comp enable

 split-tunnel-policy tunnelall

 default-domain value some.dummy.dj

aaa authentication http console LOCAL 

aaa authentication telnet console LOCAL 

aaa authentication ssh console LOCAL 

aaa authentication enable console LOCAL 

http server enable

http (fake).(net).0.0 255.255.0.0 DENGA

http (fake).(net).1.0 255.255.255.0 LAN

http (fake).(net).34.2 255.255.255.255 LAN

snmp-server host DENGA (fake).(net).3.19 poll community simbaka

no snmp-server location

no snmp-server contact

snmp-server community simbaka

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet (fake).(net).1.0 255.255.255.0 LAN

telnet timeout 5

ssh (real).(net).184.64 255.255.255.255 OUTSIDE

ssh (real).(net).184.65 255.255.255.255 OUTSIDE

ssh xxx.38.97.21 255.255.255.255 OUTSIDE

ssh xxx.33.8.160 255.255.255.240 OUTSIDE

ssh xxx.217.38.0 255.255.255.0 OUTSIDE

ssh (fake).(net).34.2 255.255.255.255 LAN

ssh timeout 5

ssh version 1

console timeout 0

!

class-map inspection_default

 match default-inspection-traffic

class-map bandw_test

 match access-list 120

!

policy-map type inspect dns migrated_dns_map_1

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect netbios 

  inspect rsh 

  inspect rtsp 

  inspect skinny 

  inspect sqlnet 

  inspect sunrpc 

  inspect tftp 

  inspect sip 

  inspect xdmcp 

  inspect icmp 

  inspect snmp 

  inspect dns migrated_dns_map_1 

policy-map bandw_test

 class bandw_test

  police output 800000

service-policy global_policy global

ntp server (real).(net).184.1

ssl encryption des-sha1 rc4-md5

:end

Open in new window

0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
I honestly see no problem with your config. Your next step should be to contact Cisco TAC and open a P1 case and get an engineer to determine what the problem is or if your PIX is bad.
Cheers!
0
 
LVL 32

Expert Comment

by:harbor235
Comment Utility

I just wonder if failover is causing you some issues, try this
I have still not seen the output of the "show failover",

Remove the old failover config and do the primary do the following, Iassume e5 is a dedicated interface for failover
and is connected to a switch in a dedicated vlan, the secondary port is in the vlan as well?

failover                                          
failover lan unit primary                                          
failover lan interface failover Ethernet5                              
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206
                                                                  
On the secondary do the following;
                              
failover                                          
failover lan unit secondary                                          
failover lan interface failover Ethernet5                                    
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206

Interfaces are monitored by default and do not need specific monitor commands unless you use subinterfaces.
Once configures issue the command " write memory" on the primary, very it sync'd

harbor235 ;}                        
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
Comment Utility
Sorry for the typos;

I just wonder if failover is causing you some issues, try this.
I have still not seen the output of the "show failover",

Remove the old failover config and do the following, I assume e5 is a dedicated interface for failover
and is connected to a switch in a dedicated vlan the secondary port is in the vlan as well?

failover                                          
failover lan unit primary                                          
failover lan interface failover Ethernet5                              
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206
                                                                 
On the secondary do the following;
                             
failover                                          
failover lan unit secondary                                          
failover lan interface failover Ethernet5                                    
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206

Interfaces are monitored by default and do not need specific monitor commands unless you use subinterfaces.
Once configures issue the command " write memory" on the primary, very it sync'd

harbor235 ;}                        
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now