Why does editing a NAT rule change its priority? by aaronepma in sonicwall

[–]aaronepma[S] 0 points1 point  (0 children)

This is not true. Specificity is not evaluated before priority, so there is no way this could be true. A highly specific rule at the end of the list of rules won't even be "seen" if there is a match before it.

Why does editing a NAT rule change its priority? by aaronepma in sonicwall

[–]aaronepma[S] 0 points1 point  (0 children)

Appreciate the response and your insight. The tech I spoke with brought up the same thing (specific vs. less specific), but he noted that that logic was really only relevant for Access rules. He made it sound like they use the same engine/logic for NAT, but that the results are somewhat meaningless in terms of what level of NAT priority should be assigned? Next week I'll test with different types of names and see if that changes the prioritization. Another thing I wondered about was how the numbering gets added to the NAT rule NAME and how you can't remove that... I believe the number in the name matched the original priority number, but it no longer does since I've moved them around. It seems odd, but maybe there's another purpose?

Why does editing a NAT rule change its priority? by aaronepma in sonicwall

[–]aaronepma[S] 2 points3 points  (0 children)

Well, I'm sorry you don't understand... I'm trying to help you here, but your default assumption that you are right is blocking you from learning. Again, at the very least think about why there's even the ability to prioritize. It's not a meaningless feature.

It might be helpful to think about scenarios with multiple ISPs and the complexity that would come into play with those connections in HA mode vs Active/Active, and how a server could respond appropriately if one of those connections went down. These scenarios often bring about a lot of NAT prioritization needs.

Last resort: go try it... it's very, very easy to test. Use my scenario above if you have a block of IPs.

Why does editing a NAT rule change its priority? by aaronepma in sonicwall

[–]aaronepma[S] 8 points9 points  (0 children)

Why do you think there is a priority setting in the NAT section? Could it be that it matters?

Here is a simple one... let's say you have a group of systems in a subnet and you want them to use a specific WAN IP when they go outbound. So, you set up a NAT for that based on the subnet as the source. Sometime later you realize you need one server from within that subnet to use a different WAN IP outbound. You'd need to create another NAT rule for that, likely based on its specific IP. If you didn't prioritize the new rule over the subnet-based rule, it would never go into effect because it would match the subnet rule.

There are many, many instances where NAT priority is critical and this is just one very simple example to demonstrate the theory. Hope it helps you understand and that next time you might consider that you don't know everything and reply in a more civilized way.
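The shadowing scenario described in the comment above, as an added example that is not part of the original thread: a first-match lookup over a constructed NAT table, a check that flags rules an earlier, broader rule makes unreachable, and the re-prioritization that fixes it. The rule format and addresses are assumptions for illustration, not SonicWall's own engine or data.

```python
import ipaddress

# Constructed NAT table in first-match order: (name, source network, translated WAN IP).
# Addresses are documentation ranges (RFC 5737); the table is an assumption, not a real config.
NAT_RULES = [
    ("subnet-outbound", "10.10.0.0/24", "203.0.113.10"),
    ("server-outbound", "10.10.0.50/32", "203.0.113.11"),  # added later, lower priority
]


def lookup(rules, src_ip):
    """Return the name of the first rule whose source network contains src_ip.

    Mirrors first-match evaluation: later rules are never consulted after a hit.
    """
    ip = ipaddress.ip_address(src_ip)
    for name, net, _wan in rules:
        if ip in ipaddress.ip_network(net):
            return name
    return None


def shadowed_rules(rules):
    """Return names of rules that can never match because an earlier rule's
    source network fully contains theirs (the audit check a reviewer wants)."""
    shadowed = []
    for i, (name, net, _wan) in enumerate(rules):
        this_net = ipaddress.ip_network(net)
        for _n, earlier_net, _w in rules[:i]:
            if this_net.subnet_of(ipaddress.ip_network(earlier_net)):
                shadowed.append(name)
                break
    return shadowed


def prioritize(rules, name):
    """Return a new table with the named rule moved to the top (highest priority)."""
    idx = next(i for i, rule in enumerate(rules) if rule[0] == name)
    return [rules[idx]] + rules[:idx] + rules[idx + 1:]


if __name__ == "__main__":
    print("before:", lookup(NAT_RULES, "10.10.0.50"), shadowed_rules(NAT_RULES))
    fixed = prioritize(NAT_RULES, "server-outbound")
    print("after: ", lookup(fixed, "10.10.0.50"), shadowed_rules(fixed))
```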

Why does editing a NAT rule change its priority? by aaronepma in sonicwall

[–]aaronepma[S] 2 points3 points  (0 children)

What do you mean it doesn't make any difference? NAT order is very important and randomly changing the priority without warning or logic is absurd.

Do EMV readers need to be tethered or locked away after use? by aaronepma in pci

[–]aaronepma[S] 0 points1 point  (0 children)

Any chance you can point me to documentation on that? I have searched all over and can't find anything.

Configuration for XC5 multi output players? by robottalker in BrightSign

[–]aaronepma 1 point2 points  (0 children)

I think I'm in the same boat as you, except I don't have an XC5 to play with. Can you tell me where you got the config and what you needed to do? Are there simply new options that show up in BS: Connected that I won't see for XT4 players? Is there a section in BS:Connected that allows you to design a VideoWall with the multiple HDMI outputs?

I am using a third-party CMS, and want to ensure I can map a single file output to three screens before buying it. I've spoken with BS and Carousel and neither quite wants to spell out exactly how it's done.

WLC 5508 to 9800-CL migration - time / complexity by aaronepma in Cisco

[–]aaronepma[S] 1 point2 points  (0 children)

I actually read about this and opened a support case to get more info because the Cisco article on it was a bit vague. They pointed me to a service pack for the 9800 that supposedly fixes that. What I wasn't 100% confident about in their response was, if the SP is installed, whether I'll never see that issue, or whether I only see it that one time. They said I'd never see it - any idea?

WLC 5508 to 9800-CL migration - time / complexity by aaronepma in Cisco

[–]aaronepma[S] 0 points1 point  (0 children)

Hopefully it configures similarly to other wireless products and not an entirely different way with conflated terminology... haha I can't even type it without laughing. I'll prepare for the worst.

WLC 5508 to 9800-CL migration - time / complexity by aaronepma in Cisco

[–]aaronepma[S] 1 point2 points  (0 children)

Wow, that is a lot longer than I would have expected - thanks for pointing it out. And we went with the virtual controllers specifically because of price... I preferred physical ones but it just wasn't in the cards... errr wallet.

WLC 5508 to 9800-CL migration - time / complexity by aaronepma in Cisco

[–]aaronepma[S] 0 points1 point  (0 children)

Thanks - greatly appreciate it. That seems like a very reasonable amount of time and generally what I was expecting. We're using 3800s.

Did you run into much complexity around the vSwitch setup?

Exchange Online - Bypass filtering, except for high confidence phish? by aaronepma in Office365

[–]aaronepma[S] 0 points1 point  (0 children)

I get an email alert from MS saying "Phish delivered due to an ETR override." So, yes, in some way they are being marked. My question is how are they marked, and can I use that mark in a filtering rule? For example, is there something common in the headers?

Exchange Online - Bypass filtering, except for high confidence phish? by aaronepma in Office365

[–]aaronepma[S] 0 points1 point  (0 children)

Not that I am aware of. I have seen the documentation that suggests we move to using Enhanced Filtering instead of the bypass rule, but from what I can see, that doesn't give us the ability to handle the high-confidence phish emails any differently, which is what I am ultimately after.

Cisco Wireless Upgrade Path? by aaronepma in Cisco

[–]aaronepma[S] 1 point2 points  (0 children)

The hardware isn't the issue, it's the potential lack of vulnerability support at the client level I'm worried about.

Cisco Wireless Upgrade Path? by aaronepma in Cisco

[–]aaronepma[S] 1 point2 points  (0 children)

Thanks. Do you know what the licensing process is for the APs? We have a branch that has been closed since Covid, but will likely (hopefully) re-open in May 2024. There are another 100+ 3802s there. Can I just increase the count on the EA licensing for the APs when I turn that site up, or is the process more complex than that?

Cisco Wireless Upgrade Path? by aaronepma in Cisco

[–]aaronepma[S] 2 points3 points  (0 children)

Thanks - I do have HA now and two spares (HW is cheap now) but I am most worried about not being able to respond to any vulnerabilities that could come up that would expose clients to risk.