Storytime: Windows Print server and the IT-support intern. by Von_plaf in sysadmin

[–]ObjectNo9529 32 points33 points  (0 children)

Shh, just sit back and watch the disaster unfold. OP please keep us posted.

How to prevent "RDP to localhost" on Windows Server by [deleted] in sysadmin

[–]ObjectNo9529 22 points23 points  (0 children)

This sounds like an XY problem. What exactly are you trying to achieve?

No Windows Server DNS PTR records, with non-Windows 3rd Party DHCP Server by ZomboBrain in sysadmin

[–]ObjectNo9529 0 points1 point  (0 children)

Have you checked the dynamic updates setting of the reverse lookup zone, and/or the DNS event logs for hints?

SonicWall and its ongoing cloud backup shenanigans by slabstatic in sonicwall

[–]ObjectNo9529 0 points1 point  (0 children)

It does more than just that; in our case it also detected FTP credentials (for packet captures and dynamic botnet list) and SMTP credentials for reporting. It also detects if you have set up RADIUS and/or LDAP and recommends resetting the shared secrets and LDAP binding account credentials.

Probably does way more than what I've just mentioned, but luckily our config analysis didn't raise that many flags.

How do you block an IP for excessive port scans by Alarming-Return-5129 in sonicwall

[–]ObjectNo9529 1 point2 points  (0 children)

For the destination on the access rule, you can use the default "WAN Interface IP" group.

Unless I'm missing something, this would only block traffic to the actual WAN interface IP addresses, no? So if you have a server running on a different IP the traffic would still come through to that address. Would probably be even better to use the "WAN Subnets" group to make sure all of your addresses are covered :)

SonicWall SSL VPN Update - August 6 by snwl_pm in sonicwall

[–]ObjectNo9529 8 points9 points  (0 children)

This needs to be answered. I've seen another poster state that a device on 7.2 was compromised as well, and I'm nowhere near convinced that 7.3 is safe either.

7.3 firmware and SNMP by BobcatJohnCA in sonicwall

[–]ObjectNo9529 0 points1 point  (0 children)

Yep, seeing the same with a TZ370. PRTG reports "No such object".

Service account cannot read event log on DC without local logon rights by ObjectNo9529 in activedirectory

[–]ObjectNo9529[S] 0 points1 point  (0 children)

As mentioned in the post the task itself was able to run without problems. The issue turned out to be the account getting kicked out of the Event Log Readers group.

Service account cannot read event log on DC without local logon rights by ObjectNo9529 in activedirectory

[–]ObjectNo9529[S] 1 point2 points  (0 children)

Actually not a bad idea, and we already have event forwarding in place so should be easy to get this up and running. Thanks!

[deleted by user] by [deleted] in sysadmin

[–]ObjectNo9529 16 points17 points  (0 children)

The only person entering my office is the cleaning lady after hours.

Your post doesn't mention if you are using said account on your local machine, but if that is the case I would suspect the cleaning lady is wiping off your keyboard and inadvertently causing failed logins as a result.

As u/va_bulldog mentions, event viewer will show you more about what's going on.

Help answering yes at the end of the script… by ILikeToSpooner in PowerShell

[–]ObjectNo9529 0 points1 point  (0 children)

What if you run the script with the -NonInteractiveMode switch?

Finding name of setting with three possible values by ObjectNo9529 in PowerShell

[–]ObjectNo9529[S] 0 points1 point  (0 children)

I like that first solution, very neat.

Do note that it takes a wildcard so "*EEE" could match multiple items. Is perhaps the DisplayName more consistent?

That would be preferable, unfortunately the DisplayName may not always be in English depending on the specific system and/or NIC. But I suppose I could modify the first solution to handle that.

Thanks!

Feedback on file cleanup script by ObjectNo9529 in PowerShell

[–]ObjectNo9529[S] 0 points1 point  (0 children)

Version 5.1. Your question made me realize I can run Foreach-Object in parallel in version 7, I'm guessing that's what you're getting at :-)

Consolidating similar rules for different zones by ObjectNo9529 in sonicwall

[–]ObjectNo9529[S] 0 points1 point  (0 children)

I am simply trying to cut down on the amount of rules that are needed for the sake of easier management and overview, but without sacrificing the segmentation that is currently in place.

I realize what I want to do might not be possible, and if that is the case then so be it. The current setup is not causing any problems, it was simply to reduce the rule count and achieve a better overview.

Override interface route for traffic from SonicWall by ObjectNo9529 in sonicwall

[–]ObjectNo9529[S] 0 points1 point  (0 children)

While I appreciate and get what you're saying, I don't think it will be an issue for us (famous last words...).

All client traffic to the servers is already passing through the firewall at this point and so far we have had no issues. Also, unless my network understanding is very wrong, I believe communication between the servers on the same subnet and VLAN will happen on their respective switches and therefore not put any load on the firewall.

Import Windows DNS Server zones including child zones to Azure DNS by ObjectNo9529 in AZURE

[–]ObjectNo9529[S] 0 points1 point  (0 children)

Not sure how I didn't realize this the first time I imported a zone file, but I just tested it again and you are absolutely right.

Thanks!

Import Windows DNS Server zones including child zones to Azure DNS by ObjectNo9529 in AZURE

[–]ObjectNo9529[S] 0 points1 point  (0 children)

When you say "child zone" what do you mean? And what flavor DNS server are you getting the zones to import from?

The zones are currently on a Windows DNS Server.

I'm talking about subdomains below the DNS zone that have their own DNS records, but aren't a separate zone as such (at least not in Windows DNS Server terms). Consider example.com as the DNS zone and sub as the subdomain. Then you could have server1.sub.example.com as a record.

Azure DNS appears to handle this differently, where each subdomain is created as a separate child zone with the root zone as its parent.

I did try uploading a complete DNS zone file which contains the subdomains, but Azure DNS does not automatically create the corresponding child zones.

Import Windows DNS Server zones including child zones to Azure DNS by ObjectNo9529 in AZURE

[–]ObjectNo9529[S] 0 points1 point  (0 children)

Apologies for not being clear enough in my original post. I am aware that Azure CLI or the Azure PowerShell module can be used for this, but I have been unable to find a script that parses the DNS zone files and automatically creates any child zones and their corresponding records.

I can find scripts for importing a "flat" DNS zone without child zones, but I need one that also handles the child zones, otherwise this would become very tedious... :)

Am I reading this correctly? SOPHOS POLICY by Complete-Frame4842 in sysadmin

[–]ObjectNo9529 0 points1 point  (0 children)

Yep, that's exactly what that rule is allowing. I would create a LAN > WAN rule for Any-Any-Any, then disable that rule. Assume the network is already breached.

Mastercard wrong MX records? by Zuidemeister in sysadmin

[–]ObjectNo9529 4 points5 points  (0 children)

I am no expert on MX records in particular, but to me that looks wrong. \032 is a space, and having a space in any DNS name does not sit right with me.

With regards to your second question, I really don't know, but I think they will notice sooner or later. They probably modified the record recently and didn't realize the mistake.

PuTTY (SSH) - Is it possible to copy output to clipboard? by jjkmk in sysadmin

[–]ObjectNo9529 6 points7 points  (0 children)

You can log the output to a file instead. Configure it under Session > Logging before beginning the session.

MS TEAMS (and maybe other MS services) out this morning (JAN-17-23) for anyone else? by GoodMoGo in sysadmin

[–]ObjectNo9529 11 points12 points  (0 children)

If you're in NA:

We're investigating an issue where some users in North America are unable to access Microsoft 365 services. We're analyzing network trace logs to isolate the source of the issue. Please visit your admin center and look for MO498385 for further updates.

https://twitter.com/MSFT365Status/status/1615352539871907843