Hi,

Enviroment Checkpoint + r77.20

Every time I open a FTP SSL session, IPS drops randomly the transfer. If disabled works fine.

I´ve added  exceptions to IPS  for FTP SSL but still drops sometimes sessions.

any ideas?

Regards

Hello Experts,

I would like to change my current (route outside 0.0.0.0 0.0.0.0 64.64.64.230 1) outgoing internet traffic through different interface  (route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2)


route outside 0.0.0.0 0.0.0.0 64.64.64.230 1
route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2
route dsl2 0.0.0.0 0.0.0.0 172.16.17.254 3

i Tried unplugging the outside interface hoping internet traffic would go out the other interfaces but it did not. so maybe  i am  overlooking something. I thought that since they have 1, 2, 3, after each route it is supposed to go out other interfaces if it fails on the first one.
Please note i can only use  SSH to make changes no ASDM
Please provide exact step by step solution. my PiX knowledge is very limited
Running Config Attached
Thank you
Running-Config-temp.txt

I know this DMZ Forest Trust type question has been asked many times.  I read most of them and have followed many of the recommendations, however I still seem to be having trouble with this.  I'll explain what I'm trying to do...

• I have a new, 2016 functional level, forest created in the DMZ (we'll call it edge.domain, or edge DC)
• I have an existing corporate, 2008 functional level, forest on the LAN (we'll call it lan.domain or lan DC)
• I have created conditional forwarding zones for each domain in each DNS.
• All necessary ports were opened between lan DC and edge DC
• I have established a one way non transitive trust, where the edge.domain trusts the lan.domain.
• I have several servers in the DMZ, some windows some linux, some of these servers must authenticate to the lan.domain and currently have firewall ports opened from each of these servers to our domain controller to authenticate.
• I would like to accomplish a few things. 1) Allow administrators to log onto the edge.domain windows servers using thier lan.domain accounts.  2) Allow other servers in the DMZ to authenticate with the edge.domain controller instead of the lan.domain controllers.  3) Tighten up firewall rules to ONLY allow edge.domain controllers access to the lan.domain controllers, nothing else comes in from the DMZ.

So here's one issue so far that I'm facing.  Although the trust looks to be …

Hello dear community,
Ineed  to upgrade firewall checkpoint from 77.20 to 77.50
I would like feedback on this subject and if there are any script to automate this operation because I have a lot of firewall in different countries, and also how log time for interrupting service in upgrade
Thank you for advance

I am interested in installing Sophos XG firewall home edition on a PC. the following link has been given to me by Sophos as a link for the free download.

Link for Sophos XG firewall home Edition

I am somewhat nervous however as the site issues a warning to the effect that any existing operating system will be erased when installing the product. I understand this bit I am not sure what will happen if I click the Get Started button on the Sophos web site.
I would hope that an image file would be downloaded that I could burn to a CD/DVD and then use to install the product on a PC with no OS on it.
I wish to be assured that clicking on the Get Started button won't result in the XG firewall being installed on my PC and wiping out the my PC.

I've got a 5545x that I'm configuring for remote access VPN.  I've done a few 5506's but this is my first 5545.

I initially started with AnyConnect. I could get the client connected, but I couldn't get a ping response.  The client statistics showed control data was being exchanged.  Client data was being sent, but not received.

I wiped and reconfigured and got the exact same results.   Then I tried configuring IPSec for the legacy VPN Client because I can always get that to work. :-)

Exact same results.  Client connects fine but no data.  "show cry ipsec sa" shows pkts decap are increasing but pkts encaps are not.  

I figure that I'm just missing something and I've been looking at it for so long that I'm just not seeing it. Hoping someone can look at this and see a typo or a missing statement that I'm missing.

I've stripped out all the non-essentials and sanitized the output.  If I got overzealous with the stripping and cleaning, let me know and I'll repost.

Thanks.

Don

P.S.  I've added a bunch of... junk that I don't usually have while throwing things at this to see if something sticks.

ip local pool RA_VPN_POOL 192.168.255.1-192.168.255.62 mask 255.255.255.192
ip local pool AnyConnect_VPN_Pool 192.168.255.129-192.168.255.254 mask 255.255.255.192
!
object network VPN-Nets
 subnet 192.168.255.0 255.255.255.0
!
object-group network Inside-Networks
  network-object 10.10.0.0 255.255.0.0
 network-object 192.168.0.0 255.255.0.0
!

Select all Open in new window

…

I have a user that is abusing their privileges and would like to block services internally. A user wished to have the Dish Network application installed on their laptop to use while traveling. There has been reports that the use was using the application in the office while on the network. I wish to block services to this application while on the internal network. I currently have Palo Alto firewalls on the network. How do i block this service from my internal network?

Dear, we have a public server. how can we block remote desktop service to its public IP address? and allow only to its local IP?

I tried in Firewall advance setting, set the scope, but did not help.

Hi Team,
 
            I need a data tracker software free tool.I want to find which IP address/machine/user use upload/download amount of data.
I need a software tool for this monitoring.So can you please suggest me best tool free version.

I am running ubuntu 14, using the built in FTP server.
When I try to connect to it, it connects, but I get this error below

Status:      Connection established, waiting for welcome message...
Status:      Logged in
Status:      Retrieving directory listing...
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      LIST
Error:      Connection timed out after 20 seconds of inactivity
Error:      Failed to retrieve directory listing

Yes, I know I can change the setting in filezilla to active mode and then it would work, but that does not solve my problem.  I have a computer running a script FTP'ing files to my linux box, and it stopped working.
The only thing I did yesterday is disable and enable the firewall on the linux box, and it almot seems since then, it stopped working.

I'm thinking the problem is on the linux box?

I am using Linux, trying to connect to my ftp server using service-U in a remote data center.  I have an always on vpn connection to the data center. From a windows box, I can ftp just file to the server,  it from the Linux box, I keep on getting this error message.


First it says:
Connected to 10.2.x.x
421, service not available, remote server has closed connection

So I looked at the logs on my ftp connection and I didnt see any connection attempt.

Is this a Linux issue or my firewall, I'm thinking it's my firewall.

Been trying to upgrade the ios on ASA 5525s from 8.6 to 9.44. To do so there is first the need to upgrade to 9.04 and than to 9.44 but when the upgade to 9.0 was done a lot of config on the asa went missing; including nat rules, object network and access list entries etc. Any ideas why it happened.

Kind regards

Hi,

forgot windows 10  laptop password on old laptop to get into laptop. How do i reset or get into this old laptop. please advise