Hi,
I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access internet and none domain users such (visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking experts for guidance. I would also appreciate if someone can write step-by-step setup guide or an article that I can follow with some screen prints?

Please also point out any "gotcha"

This article says that "Event Log Monitor” has to be installed on all domain controllers, but later its talks about pushing out SSO client to machines which is also used for authentication, so am a bit confused if this is needed or not? Please clarify
http://www.skype4badmin.com/watchguard-sso-part-1/


and then this video also talks about "Exchange Monitor" for authentication.. do I need all of these options or will one suffice?
https://www.youtube.com/watch?v=qw8e85hXVcg

much appreciated!

Thanks

We have just deployed a Cisco Meraki wifi solution and are trying to set up our wifi networks. However the domain is setup as XX.local.
the commercial cert authorities will not  give  a trusted certificate for XX.local, so we a trying to work out how to deploy a SSL that  is trusted to make wifi for things such as BYOD work seeamlessly , We have considered self-signed but that shows as untrusted, we also need to open  up security on trusted machines to allow it. Has anybody done this or got a good idea

Hi,

Can anyone please tell me step by step how to stop a Watchguard XTM25 from blocking downloads of EXE files from a server hosted website (so need to add an exception as an IP address) .

Many thanks

Adam

Hi,

Scenario -- Cisco 3550

1) Guest Network  --- 10.2.3.0 /24
2) LAN Users --- 10.41.0.0/16

I want that users with IP address (10.2.3.0/24) should not be able to access 10.41.0.0/16 network. But at the same time i want 10.41.0.0/16 to have access to this 10.2.3.0 network.

Is it possible in Cisco 3550 to achieve this.

Thanks
Mahesh

I have a user that is abusing their privileges and would like to block services internally. A user wished to have the Dish Network application installed on their laptop to use while traveling. There has been reports that the use was using the application in the office while on the network. I wish to block services to this application while on the internal network. I currently have Palo Alto firewalls on the network. How do i block this service from my internal network?

I know very little about watchguards (or really most complex firewalls).  I have 2 watchguards in location A and location B.  looking at the policies on the main office's watchguard, I have 16 rules.  wonder which are needed?  

This is an XTM21 (old unit, right?)

it takes a few seconds to go from screen to screen / get the list of firewall policies, etc. 'retrieving data' on screen for 9 seconds... there's 16 policies in the list.  Is that a long time for pages to load?

a) do you just replace watchguards after x years because they are old?
b) do you reboot them on a schedule? How often? every week? month? year?

This watchguard is set up for:Exchange on the SBS server on the LAN, General surfing from inside the office, VPN to the other location and phones being able to connect to the exchange server from outside.

How many rules should those take?

Looking at the policies, I think this is what are set up. I inherited this network so may be unneeded / defaults that came with the box?
FTP OUTboundSMTP (192.168.2.3 to Any external)
GeneralProxy (From HTTP-proxy to ANY  Trusted)
SMTPtoMailSrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPtoMAILSrv (From ANY to 75.127.x.x->192.168.2.3)
POP3toMailsrv (From ANY to 75.127.x.x->192.168.2.3)
IMAPtoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPStoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
RDPtoMAILsrv (From ANY to 75.127.x.x->192.168.2.3)
Voicecom mail system (From ANY to 75.127.x.x->192.168.2.3)
Watchguard …

I have an netgear wndr3800CH router
And a WD my cloud 1tb NAS drive

I'm working with a surface pro 4
I would like to have access to my NAS drive out side of my home network.

I can accent it though a web portal but I'd like to do it though windows mapped drive.

As if I was at home any guidance would be appreciated if diffident hardware is needed I'm open to inexpensive options.

I do have charter business as an ISP. For an static up address

What options are there to protect a web service from a DOS attack?

IF the web service were accessed only by my Objective-C iPhone application, and nowhere else, is this web service protected by the "security through obscurity" model? Or, can hackers crack open the source code of the iPhone app, like Apple can?

What about if I put the URL to the web service into the SQLite database and encrypted the Path?

So, when my app needs to request information from the web service, it does a DB lookup in the SQLite database for the path to the web service. When it gets it, it decrypts it. Then, using a variable (in memory) only, it makes the web service call.

Does this protect from a DOS attack to that web service call?

Are there easier ways?

Will this work on Java for the Android?

What about on my website?

Thanks.