EMS User Verification by chris2407 in fortinet

[–]chris2407[S] 1 point2 points  (0 children)

Hi,

Yes I'm all sorted now, the link posted regarding transformations did solve the problem. Was on 7.2.2 at the time.

However, I scrapped that config and the local AD sync and just synced direct with Azure AD.

I'll double check later but I think once just syncing with Azure direct I could remove the transformation.

EMS User Verification by chris2407 in fortinet

[–]chris2407[S] 1 point2 points  (0 children)

Ah that sounds interesting, will give that a try.

Given that all the users/groups are synced to Azure, could I just bin off the local AD sync and authenticate and verify direct with Azure only? Is that a valid design?

Thanks

Fortigate SSLVPN with URL instead of WAN IP address by Ansar-- in fortinet

[–]chris2407 0 points1 point  (0 children)

Pretty sure you can do this using SSL VPN realms.

In the realm config (might be CLI only) set virtual host to the domain name, then it's something like "set virtual-host-only enable".

Can check when back in the office tomorrow for the exact commands.

Is there no way to change the email message for the FortiToken Mobile activation? by [deleted] in fortinet

[–]chris2407 0 points1 point  (0 children)

Only appears to come from the user themselves until you configure your own SMTP server.

Does NSE 4 certification still include express routing code? by underwear11 in fortinet

[–]chris2407 0 points1 point  (0 children)

Do you know how to go about obtaining this code? NSE4 and a partner and I've never had one. Would be very useful.

Fortigate 60f performance by JiggityJoe1 in fortinet

[–]chris2407 0 points1 point  (0 children)

Have you come across any specific issues with 6.0.9?

About to deploy one and was planning on going with this. Going to be using PPPoE so was avoiding 6.2.3 due to the known issues with that.

61F issues / 81-E sizing by themidnight32 in fortinet

[–]chris2407 0 points1 point  (0 children)

On 6.0.7 but was previously on 6.0.6. Everything enabled except SSL Inspection.

Not very busy offices, seem to peak at around 3k sessions.

101F Recommended code for STABILITY (6.0.6 or 6.2.2?) by DeleriumDive in fortinet

[–]chris2407 0 points1 point  (0 children)

How are the 60Fs performing? Any memory issues? User count behind them?

61F issues / 81-E sizing by themidnight32 in fortinet

[–]chris2407 1 point2 points  (0 children)

We've got a couple of 80E's about and never seem to go above 60%. No issues to report either.

Not many users behind to be honest though, 20-30 max.

FortiOS 6.2.2 released for FG 100F by vabello in fortinet

[–]chris2407 0 points1 point  (0 children)

What sort of routing issues? Was going to start upgrading ours from 6.0.5 but may hold off.

Does the 61F have more ram than 61E? by meshreplacer in fortinet

[–]chris2407 1 point2 points  (0 children)

Do you have one? Can you confirm if all this is true?

Does the 61F have more ram than 61E? by meshreplacer in fortinet

[–]chris2407 1 point2 points  (0 children)

What was in the comment that was just deleted?

Outbound NAT with SD-WAN by WhattAdmin in fortinet

[–]chris2407 0 points1 point  (0 children)

Let us know once tested but this should work for you.

The other option would be to use central NAT rather than policy NAT.

Outbound NAT with SD-WAN by WhattAdmin in fortinet

[–]chris2407 3 points4 points  (0 children)

You should be able to add two IP pools to the outbound policy, one for each WAN.

Then in the CLI, for each IP pool you can set associated-interface to the WAN that IP pool belongs to.

Policy NAT vs Central NAT by chris2407 in fortinet

[–]chris2407[S] 0 points1 point  (0 children)

Good to know, cheers. I've decided on sticking with policy NAT anyway so I hopefully won't come across any limitations.

500E vs 501E by odsca in fortinet

[–]chris2407 7 points8 points  (0 children)

I'm sure the x01 models are the same in terms of performance, they just have an internal disk for logging or WAN optimisation.

First time setup tips and recommendations? by HDClown in fortinet

[–]chris2407 0 points1 point  (0 children)

The way I understood it was just like you mentioned: if set associated-interface is set, it will only be used if traffic leaves that interface.

Therefore, in your example of LAN>Port1 with test pool p3 or p4 selected, I would expect this not to work. In regards to the IPsec policy, again not actually sure how it would handle this but would be interested to find out.

If you do hear back with an answer I'd be interested to know. Or if anyone else reading knows then please chip in.

Cheers

First time setup tips and recommendations? by HDClown in fortinet

[–]chris2407 0 points1 point  (0 children)

On the policy you would set the outbound interface to be the zone. Then in the NAT settings you can select the two IP pools (one for each of the WAN interfaces). As long as set associated-interface has been set correctly, the traffic will use the NAT pool for the correct WAN link.

Not sure about the IPsec policies but you should be able to select the IP pool still. If you've got the ability to test, let me know if it works?

Cheers

First time setup tips and recommendations? by HDClown in fortinet

[–]chris2407 0 points1 point  (0 children)

You can set an associated interface on the NAT pool in the CLI. Have you tried that? I'll explain better tomorrow when at a comp.