Quantcast
Channel: Sophos User Bulletin Board
Viewing all 14361 articles
Browse latest View live

Blocked Extensions Not Always Blocked

August 26, 2013, 1:55 pm
$
0
0
All-

I have encountered some odd behavior with the web proxy and blocked extensions. Exe extensions are blocked. As an example if I try to download a windows service pack (Windows XP SP3) the file has an exe extension which is blocked by the web proxy. The proxy returns a screen stating so. However I can freely absent of restriction download firefox which is an exe. My ASG is version 9.105-9 running on a core 2 duo with 8gb of ram. There are no entries in the log indicating a file download was blocked, or allowed. Somewhat confused why this might be going on....

Thanks,
Jim
Search

email setup for home UTM

August 26, 2013, 2:06 pm
$
0
0
I'm about 2 weeks into my install and I'm finally getting to addressing the isue of my UTM sendin Notifications and being able to email scheduled reports.

I do not have a SMTP server on my internal network but I have and ISP mail server that I can use.

How and where do I configure the UTM such that it will be able to send email notifications and email reports? :confused:

mac mini bouncing between two APs (AP10 and AP30)

August 26, 2013, 7:00 pm
$
0
0
I have a mac mini that is roughly between the two APs that I have in my house.

I noticed the mac was freezing frequently. When I looked at the system.log file, I noticed it was bouncing between the two APs.

So... I turned off the AP10 and I still noticed it is reporting Roamed or switched channel every few minutes. Is this normal? My AP30 is fixed channel (11) and I found a file on the mac that is reporting 11. Each time it reports the 'new' BSSID it is actually the same.


Code:
Aug 26 20:42:08 MyMac-mini kernel[0]: MacAuthEvent en1  Auth result for: 00:1a:8c:07:f5:41  MAC AUTH succeeded
Aug 26 20:42:08 MyMac-mini kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
Aug 26 20:42:08 MyMac-mini kernel[0]: AirPort: RSN handshake complete on en1
Aug 26 20:42:08 MyMac-mini kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 00:1a:8c:07:f5:41
Aug 26 20:42:08 MyMac-mini kernel[0]: en1: BSSID changed to 00:1a:8c:07:f5:41
Aug 26 20:42:08 MyMac-mini kernel[0]: en1::IO80211Interface::postMessage bssid changed
Aug 26 20:44:16 MyMac-mini kernel[0]: MacAuthEvent en1  Auth result for: 00:1a:8c:07:f5:41  MAC AUTH succeeded
Aug 26 20:44:16 MyMac-mini kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
Aug 26 20:44:16 MyMac-mini kernel[0]: AirPort: RSN handshake complete on en1
Aug 26 20:44:16 MyMac-mini kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 00:1a:8c:07:f5:41
Aug 26 20:44:16 MyMac-mini kernel[0]: en1: BSSID changed to 00:1a:8c:07:f5:41
Aug 26 20:44:16 MyMac-mini kernel[0]: en1::IO80211Interface::postMessage bssid changed
Aug 26 20:45:21 MyMac-mini kernel[0]: MacAuthEvent en1  Auth result for: 00:1a:8c:07:f5:41  MAC AUTH succeeded
Aug 26 20:45:21 MyMac-mini kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
Aug 26 20:45:21 MyMac-mini kernel[0]: AirPort: RSN handshake complete on en1
Aug 26 20:45:21 MyMac-mini kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 00:1a:8c:07:f5:41
Aug 26 20:45:21 MyMac-mini kernel[0]: en1: BSSID changed to 00:1a:8c:07:f5:41
Aug 26 20:45:21 MyMac-mini kernel[0]: en1::IO80211Interface::postMessage bssid changed
Aug 26 20:48:35 MyMac-mini kernel[0]: MacAuthEvent en1  Auth result for: 00:1a:8c:07:f5:41  MAC AUTH succeeded
Aug 26 20:48:35 MyMac-mini kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
Aug 26 20:48:35 MyMac-mini kernel[0]: AirPort: RSN handshake complete on en1
Aug 26 20:48:35 MyMac-mini kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 00:1a:8c:07:f5:41
Aug 26 20:48:35 MyMac-mini kernel[0]: en1: BSSID changed to 00:1a:8c:07:f5:41
Aug 26 20:48:35 MyMac-mini kernel[0]: en1::IO80211Interface::postMessage bssid changed
Aug 26 20:50:44 MyMac-mini kernel[0]: MacAuthEvent en1  Auth result for: 00:1a:8c:07:f5:41  MAC AUTH succeeded
Aug 26 20:50:44 MyMac-mini kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
Aug 26 20:50:44 MyMac-mini kernel[0]: AirPort: RSN handshake complete on en1
Aug 26 20:50:44 MyMac-mini kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 00:1a:8c:07:f5:41
Aug 26 20:50:44 MyMac-mini kernel[0]: en1: BSSID changed to 00:1a:8c:07:f5:41
Aug 26 20:50:44 MyMac-mini kernel[0]: en1::IO80211Interface::postMessage bssid changed
Aug 26 20:52:52 MyMac-mini kernel[0]: MacAuthEvent en1  Auth result for: 00:1a:8c:07:f5:41  MAC AUTH succeeded
Aug 26 20:52:52 MyMac-mini kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
Aug 26 20:52:52 MyMac-mini kernel[0]: AirPort: RSN handshake complete on en1
Aug 26 20:52:52 MyMac-mini kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 00:1a:8c:07:f5:41
Aug 26 20:52:52 MyMac-mini kernel[0]: en1: BSSID changed to 00:1a:8c:07:f5:41
Aug 26 20:52:52 MyMac-mini kernel[0]: en1::IO80211Interface::postMessage bssid changed

Here is a portion of the wireless log around the same time.

Code:
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: authentication OK (open system)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: event 0 notification
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-AUTHENTICATE.indication(28:37:37:17:2f:8f, OPEN_SYSTEM)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-DELETEKEYS.request(28:37:37:17:2f:8f)
2013:08:26-20:45:19 192.168.1.100 awelogger[1853]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="MYLAN001" ssid_id="WLAN1.0" bssid="00:1a:8c:07:f5:41" sta="28:37:37:17:2f:8f" status_code="0"
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: authenticated
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: association OK (aid 2)
2013:08:26-20:45:19 192.168.1.100 awelogger[1853]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="MYLAN001" ssid_id="WLAN1.0" bssid="00:1a:8c:07:f5:41" sta="28:37:37:17:2f:8f" status_code="0"
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: associated (aid 2)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-REASSOCIATE.indication(28:37:37:17:2f:8f)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-DELETEKEYS.request(28:37:37:17:2f:8f)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: event 1 notification
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: event 4 notification
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: sending 1/4 msg of 4-Way Handshake
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: received EAPOL-Key frame (2/4 Pairwise)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: sending 3/4 msg of 4-Way Handshake
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: received EAPOL-Key frame (4/4 Pairwise)
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.1X: authorizing port
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f RADIUS: starting accounting session 521BBAA7-0000000E
2013:08:26-20:45:19 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: pairwise key handshake completed (RSN)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: authentication OK (open system)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: event 0 notification
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-AUTHENTICATE.indication(28:37:37:17:2f:8f, OPEN_SYSTEM)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-DELETEKEYS.request(28:37:37:17:2f:8f)
2013:08:26-20:48:34 192.168.1.100 awelogger[1853]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="MYLAN001" ssid_id="WLAN1.0" bssid="00:1a:8c:07:f5:41" sta="28:37:37:17:2f:8f" status_code="0"
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: authenticated
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: association OK (aid 2)
2013:08:26-20:48:34 192.168.1.100 awelogger[1853]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="MYLAN001" ssid_id="WLAN1.0" bssid="00:1a:8c:07:f5:41" sta="28:37:37:17:2f:8f" status_code="0"
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.11: associated (aid 2)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-REASSOCIATE.indication(28:37:37:17:2f:8f)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f MLME: MLME-DELETEKEYS.request(28:37:37:17:2f:8f)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: event 1 notification
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: event 4 notification
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: sending 1/4 msg of 4-Way Handshake
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: received EAPOL-Key frame (2/4 Pairwise)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: sending 3/4 msg of 4-Way Handshake
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: received EAPOL-Key frame (4/4 Pairwise)
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f IEEE 802.1X: authorizing port
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f RADIUS: starting accounting session 521BBAA7-0000000F
2013:08:26-20:48:34 192.168.1.100 hostapd: wlan1: STA 28:37:37:17:2f:8f WPA: pairwise key handshake completed (RSN)

Wechsel ISDN auf IP Anschluss

August 27, 2013, 1:49 am
$
0
0
Hallo zusammen,
letztes Jahr habe ich Stunden damit verbracht den Telekom Router W921v als Modem in Betrieb zu nehmen um dann meine UTM120 mit PPPOE in das Internet zu bringen. Leider ist mir das nicht gelungen. Verision 9.105-9 meiner Astaro UTM120. Wie jetzt lese schein es dem User Basti_K gelungen zu sein was mir etwas Hoffnung gibt.
Nun aber zu meinem Problem:
Die Telekom ist dabei die alten ISDN Anschlüsse in IP Anschlüsse umzuwandeln. Alte Verträge sollen gekündigt werden.
Telekom: Ende des analogen Festnetz-Anschlusses kommt 2016 - teltarif.de News

Ich setzte eine Auerswald TK-Anlage 2206 ein, die über den externen S0 Port mit einem VoIP Gateway verbunden werden kann. Laut Telekom ist der Router W921V dazu geeignet. Anschluss soll so laufen, w921v S0 Anschluss an S0 Anschluss extern Auerswald. TK-Anlage erhält dann alle VoIP Daten über diesen Anschluss. Anlage kann normal weiter genutzt werden.
Da ich aber den W921V nicht als Router/Firewall einsetzen möchte sondern witerhin meine Astaro sehe ich hier das Problem. Ich vermute wenn ich die Astaro über PPPOE mit dem W921V in das Internet verbinde (falls es funktioniert), dann kann ich meine TK-Anlage nicht mehr nutzen weil alle Internetdaten somit auch VoIP über die Astaro laufen.
Wie müsste ich die Astaro einstellen um meine TK-Anlage weiter betreiben zu können. Ich vermute dass ich einen ETH Port an der Astaro verliere und hier dann die TK-Anlage mit dem S0 Port extern an Astaro Eth verbinden muß. Zusätlich ein Forwarding auf diesen ETH Port einrichten muß. Hat jemand das gleiche Problem? Ähnliches Problem und Lösungsvorschlag wäre super. Ich möchte den Schritt erst tun wenn ich mir siche sein kann. Habe keine Zeit nach Umstellung erst 1 Woche an der Konfig zu basteln und dann kein Telefon zu haben.

UTM Webfilter blockt gesamten www traffic

August 27, 2013, 2:39 am
$
0
0
Hallo Community,

ich habe bei meiner Sophos Utm (9.105-9) Homeversion seit gestern morgen das Phänomen, dass der Webfilter den gesamten Internettraffic blockt.

Ping auf google bring nur 50% Pakete durch. Ping von der UTM geht garnicht.

Das komplette interne Netz ist voll funktionsfähig.

Nach dem Abschalten des Webfilters geht alles wieder.
(Habe den Webfilter transparent laufen und Antivirenscan aktiviert. Im Webfilter keine geblockten URLs.)

Hatte jemand schon ähnliche Probleme?

Cannot link accross VPN

August 27, 2013, 4:01 am
$
0
0
I have UTM(1) 9.104 connecting to UTM(2) 8.311 with site to site VPN. No Intrusion prevention rules in force (for this test) nor anything showing in logs. Auto Firewall is on at both ends.

Users from site 2 can access web server in site 1. Users in Site 1 can ping internal destination at site 2, telnet on port 80 to web server at site 2, but cannot display website in browser at site 2. A separate connection from site 3 to site 2 with similar configuration has no problem. Traffic from Site 1 to a similar firewall structure in another site has no difficulty.

I am trying to find where the problem is, however apart from testing the above connectivity, I cannot find where there is a problem. I believe it is at site 1, but can't see anything wrong.

Any guidance appreciated.

eth0 eth2 connection for 2 local networks

August 27, 2013, 5:41 am
$
0
0
Hi Folks,

i try to use a UTM 9.0.0.5 to connect two local Networks.

eth0 192.168.0.180/24
eth2 192.168.241.180/24

under Network protection -> Firewall -> icmp

all possibilities are active

i can ping from the eth2 Network only to the eth0 Interface, and not through the utm to the eth0 Network.

the other direction works fine, from the eth0 Network i can reach the whole eth2 Network.

i have no Firewall rules at the Moment.

i read a few threats here at the board and one meaning was, that it is enough to active the icmp rules to reach both Networks with ping (for first step).

Maybe the meaning i found is wrong or i missed something.

so thanks very much for some help.

harold

S/MIME certificates are not extracted

August 27, 2013, 7:55 am
$
0
0
In Astaro 8.311, I have configured (under Mail security - Encryption - Options) automatic extraction of S/MIME certificates.
However, it never happens that S/MIME certificates get extracted and listed under Mail security - Encryption - S/MIME certificates. The list remains empty.
I have received several signed mails from external, where the user certificate (A) was signed by an intermediate certificate (B) and the intermediate certificate (B) was signed by a standard VeriSIgn certificate (C).
I have verified that C occurs among Mail security - Encryption - S/MIME CAs.
I have also added B manually to that list and received signed mails after that.
Still no success.
The way I understand this feature, an incoming mail signed with certificate A should cause A to appear under Mail security - Encryption - S/MIME certificates after a few minutes ...

What's wrong here? :confused:
Search

9.105-9 extremely slow!

August 27, 2013, 8:17 am
$
0
0
We updated to the latest v9 release today: 9.105-9
Now we see, a massive decrease of performance when loading websites over the proxy.

Whats always slow now is google. it takes 30 or more seconds to display the search results.

In the same time other sites may load normally. Sometimes even this takes very long time.

Disabling caching did not help.

Bypassing the proxy shows, that it's not a WAN problem. Sites load in seconds then.

Trying to install 9.1 UTM on old server but keep getting bug error

August 27, 2013, 12:14 pm
$
0
0
Hi all,

Im try to install UTM 9.1 on an a server that we had sitting around unused. It is setup with RAId 1 and RAID 5. Im trying to install this on the RAID 5 partition and for some reason when I run the install I get the following: Bug at helper.c:1752

Any ideas? Thanks!

[4.103-9][BUG FIX]Dydns pushed to SUM

August 27, 2013, 2:01 pm
$
0
0
Hi folks,
latest version of SUM.

Ian

Up2Date 4.103009 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Fixed: DynDNS doesn't work anymore

RPM packages contained:
perl-IO-Socket-SSL-1.953-1.524.g719676d.noarch.rpm
ep-branding-ASG-afg-9.10-19.g22545b9.noarch.rpm
ep-branding-ASG-ang-9.10-19.g22545b9.noarch.rpm
ep-branding-ASG-atg-9.10-19.g22545b9.noarch.rpm
ep-branding-ASG-aug-9.10-19.g22545b9.noarch.rpm
ep-confd-9.10-171.g9382d69.i686.rpm
ep-confd-tools-9.10-166.g57b8fee.rb1.i686.rpm
ep-release-4.103-9.noarch.rpm

Moving from DNATs and SNATs to a 1-1 NAT setup

August 27, 2013, 2:21 pm
$
0
0
Hi,

I have a /24 public network routed to our HP DL360G5 running Astaro 7.5x.

Due to company policy, we're using a /24 RFC1918 network inside (e.g. 10.1.1.0/24), and there are now about 40 internal IPs.

This is quite a pain to manage the following:
a. 'additional' external addresses
b. DNATs
c. SNATs

My understanding is that 9.x has a 1 to 1 NAT system, although I do not have a network I can fully test it on, so I have some questions...

1. Can I convert my existing configuration?
I plan to use a spare HP server, install 9.x, import my 7.x config, and am hoping I can delete all the NATs and add a 1-1 NAT.

2. Do I still need all of the 'additional addresses' on the external NIC, or does the 1-1 NAT take care of this somehow?

If converting the existing configuration is not feasible, then I will probably want to try to setup SUM to pull in all my network & service definitions, so I can push them to a new firewall quickly.
Any foreseeable problems with that?

Thank you,
Barry

Can't pull IP from Comcast modem.

August 27, 2013, 3:58 pm
$
0
0
I have the latest non beta Astaro that I am trying to get running at a friends house. I have tried everything I can think of, and find online, but no matter what I do, I am not pulling an IP from the Comcast cable modem. Comcast says I do not need to do anything with the MAC since the modem holds all the data. Is that correct? Has anyone had any success with this?

Working setup

modem -- router -- network

Non working

modem -- Astaro -- network

Thanks for the help.

C68

Limit client PPTP connections.

August 27, 2013, 9:10 pm
$
0
0
I know this is on the wish list, but how far away is it?
I need a facility to limit the number of simultaneous PPTP connections for a number of clients.

Ie:
User Company1 - 10 max simultaneous connections.
User Company2 - 5 max simultaneous connections.

I really need this or one of our branches is going to use another vendors device to do this.

A facility to expire user accounts after X days would be nice too but the above is critical.

Hardware Refresh

August 27, 2013, 10:11 pm
$
0
0
Hi everyone,

it's about 3 years I've implemented in our enterprises networks some Astaro asg320rev3 appliances and i'm happy with kind of appliances.

Now, i can profit of Hardware Refresh and change a main cluster with a cluster of utm320 for a small price and i think to use this possibility.

My question is : how i must procede ?

do a backup on existing appliances
power on new appliance
do a minimum setup (just for connecting and restoring config)
restore the configuration

Restoring the configuration also restore the licenses (i must change the licenses for using on new hardware ?)
wire the 2 utm320 HA port and systems do the remaining setup

Is this correct ?


Robertone
Search

WSUS Client-Synchronisierung durch IDS blockiert

August 27, 2013, 11:40 pm
$
0
0
Hi,

wir haben einen WSUS-Server in unserer Hauptfiliale stehen, der alle Clients in unserer Zweigstelle mit Updates versorgen soll. In der Zweigstelle wird die Synchonisierung mit den Clients durch die IDS-Komponente der Astaro-FW (Version 8.311) blockiert (siehe ids_log.txt). Eine Ausnahme für den WSUS-Server haben wir schon definiert, aber es scheint als ob die ignoriert wird. Jedenfalls treten die Log-Einträge immer noch auf.

Ebenso haben wir im Menü "Erweitert" die SID der Snort-Verhaltensmuster ausgenommen, aber das funktioniert ebenso nicht.

Was noch komisch ist: Auf dem WSUS-Server werden die Clients aus der Zweigstelle zwar mit korrektem Hostname angezeigt, aber alle haben die IP-Adresse der Astaro Zweigstelle eingetragen.

Habt ihr noch eine Idee dazu?

Gruß
Marcel

Attached Files
File Type: txt ids_log.txt (1.5 KB)

Wan Bandbreite

August 28, 2013, 1:52 am
$
0
0
Hallo zusammen,

vielleicht ist es auch selbsterklärend, aber wieso wird mit teileweise eine viel zu hohe Bandbreite IN/OUT für mein Wan Interface angezeigt?

Verbindung läuft per PPPOE . Die UTM verbindet sich direkt mit dem Modem.
Teilweise werden mir 3-5MB/s angezeigt, obwohl ich nur eine ADSL 6 Mbit Leitung habe.

Ist das Verhalten normal?

Gruß

New to UTM9 need help

August 28, 2013, 5:10 am
$
0
0
I need to view and login to a website which uses port "91". How do i set this up?

what makes a DMZ?

August 28, 2013, 6:07 am
$
0
0
What i am confused about here... with regard to setting up guest wireless. Is how a DMZ works.

I have set up two separate Wireless Access points. Both Vigor AP 700's. One is plugged into my switch and give standard run-of-the-mill access to my internal LAN. (192.168.1.1/24)

The second Wireless AP is plugged into a separate EthX port on my UTM box. This then gets issued its OWN DHCP server in UTM9 on a different subnet....192.168.2.1/24

I understand that the DHCP issued addresses prevents traffic from the two subnets mixing. BUT, isn't it just simply a case of making my ip address static in windows... and changing the subnet mask to 255.255.248.0. That then gives me access to the OTHER subnet?

This isn't a true DMZ then is it? or are we just relying on people not doing static IP addresses?

Bit of a nooby question i guess... but it just strikes me as wierd.

Mail Verschlüsselung

August 28, 2013, 6:50 am
$
0
0
Hallo,
da ich das Thema gerade auf dem Tisch habe, folgende Frage:
Ist es nun möglich eine offizielle CA bei der Mail Verschlüsselung zu benutzen?

Mit dem wizard kann man ja nur eine eigene erstellen. Laut einigen alten Threads war dies bis dato nicht oder nur auf der shell möglich.

Bei verschiedenen wechselnden Kommunikationspartnern ist eine eigene CA einfach nicht praktikabel, mal davon abgesehen das es auch unprofessionell aussieht.

Wäre super wenn jemand dazu Infos oder auch eine Anleitung für die shell hat, sonst muss ich das Thema Mail Verschlüsselung über die Astaro/Sophos leider begraben. :(
Viewing all 14361 articles
Browse latest View live
Search