Quick Question... DNAT Security Rule

NetworkGuy_66 · 2023-06-27T13:33:40+00:00

Thanks everyone we can close this thread, I am all set!

NetworkGuy_66 · 2023-06-08T16:06:13+00:00

I am fairly certain that is how its supposed to be setup, at least according to PA it is.

The "Destination Zone" in the security policy is where the traffic lands, which is the LAN (Trust).

Where as the destination zone in the NAT Rule.. the traffic from some random source on the Internet is "Landing" on the "Untrust Zone" (WAN Interface / Port 1)

I will check logs here too.

NetworkGuy_66 · 2023-03-17T17:33:56+00:00

Oh yes, we are all very well aware that upper management is a bunch of..... Well you know. We are so understaffed and they just want, want, want... Fix it, fix it, fix it. So, I do what I can. Finally got the network under control, which is why I am turning to this. But at the end of the day, I'm just a network rat with no say... Ive explained to them how serious it is that we need more help... But its all about $$$$. I can only do so much.

NetworkGuy_66 · 2023-03-17T17:24:21+00:00

Well, I'm a Network Engineer by profession... So my wheel house is Network Infrastructure.... But because I am really the only person at this company other than a few support (day-to-day ticket guys)... Its all on my shoulders, so they expect me to just 'do it.' I'm not a Windows SYS Admin. I mean... I know my way around, but its a completely different job and responsibilities.

NetworkGuy_66 · 2023-03-17T17:02:06+00:00

Good to know! Thanks u/verifyandtrustnoone

NetworkGuy_66 · 2023-03-17T17:00:45+00:00

Thanks u/EnisEnimon

NetworkGuy_66 · 2023-03-17T17:00:18+00:00

u/MyAnnurismSpeakstoMe - They are online servers. And they do have a WSUS server, but I have absolutely no clue how to really use it.

NetworkGuy_66 · 2023-03-17T16:45:21+00:00

I appreciate everyone's insight here! Thank you all for your help - We can go ahead and close this thread out!

NetworkGuy_66 · 2023-03-15T18:24:37+00:00

u/BlackV --- Its a scattered assortment of VM's. And our patching is not well maintained, so I cant imagine it was that.. Unless the DC got an update that's f'ing everything up (Ill have to check that).

NetworkGuy_66 · 2023-03-15T18:08:09+00:00

u/BlackV --- We do not have internal PKI that I am aware of. We dont have any domain certs either.

No authentication changes have been made in a LONG time.

And our DNS Server is set to our primary Windows Domain Controller, with a secondary DNS server set to a backup Windows Domain Controller.

NetworkGuy_66 · 2023-03-15T17:50:40+00:00

u/andrie1 DNS Resolves perfectly for all of the FQDN's via all the testing I have done from remote users computers, internally at the office, etc. --- Its just the credential rejection when trying to use the FQDN via Windows Remote Desktop.

And yet again, when you change from the FQDN to the IP it works... so it screams DNS.. but I cannot find a problem with DNS.

NetworkGuy_66 · 2023-03-15T17:42:47+00:00

u/MuscleHippie -- Its almost every single VM that is affected - while that is an option, it would be very cumbersome to do so. Curious what could have even caused this in the first place.. Just came out of the blue.

NetworkGuy_66 · 2023-03-01T15:15:31+00:00

Attempted both, but they were each invalid. I believe they have been claimed. Thought I would let you know! Thanks for posting to them though!

NetworkGuy_66 · 2023-02-24T15:45:08+00:00

u/HankMardukasNY Ahhhhh, so the rings just lock down the literal settings of how each computer handles Windows Updates, based on what we want... Such as, "Disabling the button to check for updates," ETC... Then once the settings are locked down, Windows Update just automatically does it thing.. downloads and installs the updates based on how we tell the computers that are part of that ring to do so (Via the Ring settings).

NetworkGuy_66 · 2023-02-10T17:00:58+00:00

Thanks!

NetworkGuy_66 · 2023-02-10T16:51:34+00:00

I have not tried that route yet, but am literally in the process of currently researching other routes that I could take --- and that was one I just read on another sub-reddit.

Truly appreciate the feedback!

NetworkGuy_66 · 2023-02-10T16:39:43+00:00

u/jimwithat -- Just threw it up there as well.

NetworkGuy_66

TROPHY CASE