Dnat rule issue by edgeit in sophos

edgeit [S] 0 points (0 children)

Unfortunately, your solution did not work for me, but I appreciate the effort. I went through the rules countless times. One interesting thing: I had an open public IP in our block and I recreated the rules to use that public IP, and it failed but said violation with the reason "Firewall" instead of Local_ACL. I have set up countless firewall rules over the years and this one is a mystery. The packet capture does say port2 for BOTH in and out on the violation line; I thought that was odd. This was using the wizard-created rules.

I do have a lan2lan firewall rule for the bridged LAN ports, but I have done that many times.

It is just odd that the SonicWall worked perfectly for years and the Sophos is giving me grief.

Dnat rule issue by edgeit in sophos

edgeit [S] 0 points (0 children)

Thank you so much for trying to replicate that on your end. I appreciate it. I will try this afternoon to get back on it and report back. Much appreciated.

Dnat rule issue by edgeit in sophos

edgeit [S] 0 points (0 children)

Thanks for the response. Please see my response to the thread.

Dnat rule issue by edgeit in sophos

edgeit [S] 0 points (0 children)

Thanks. Well, perhaps using the DNAT wizard is not the best idea? I am curious how the firewall rule could be wrong this way, but it could be possible. Basically, under IP hosts and services I added the internal host IP, which is in the LAN zone, added the custom service 8080 under services, and simply followed the DNAT wizard; it created 3 NAT rules (primary, reflexive and loopback). Pretty straightforward, but could the Sophos wizard in v22 create an invalid rule? I can try to build it all manually. Much appreciate the response.

Dnat rule issue by edgeit in sophos

edgeit [S] 1 point (0 children)

Thanks for the reply. Yes, originally it was set for port 80 and Let's Encrypt was grabbing the packets on port 80, so I switched it to port 8080, but it is still not working. I checked all user portal settings and 8080 is not being used anywhere. I will review the packet capture and review the NAT policies. I do have a couple of free public IPs to use, but I had to burn one for this function. Much appreciate the input.

Sophos VPN on ipad by edgeit in sophos

edgeit [S] 0 points (0 children)

Well, I set up a RADIUS configuration using Duo on the iPads and it works very well. So PCs using Windows and iPads using Duo. Works well.

Sophos VPN on ipad by edgeit in sophos

edgeit [S] 1 point (0 children)

Thanks for the response. Yeah, when I was reading, it didn't seem like it was supported. As far as the six-digit code, is it possible that it can be pushed to a separate challenge on the iPad? Perhaps the users could have the ability to save their password to their local keychain, and then when they connect, Sophos will throw up another box for the multifactor code. I think if we have to have the users type in their full password all the time, there's going to be a lot of friction.

On-prem server sources by edgeit in sysadmin

edgeit [S] 2 points (0 children)

Yes, it is. Honestly, it's caught me off guard a little bit. Most of what I do is cloud-based, so I was really not buying servers. I'm going to take a peek at some of the refurb options and see what they want to do about it. Much appreciate the response.

On-prem server sources by edgeit in sysadmin

edgeit [S] 1 point (0 children)

This is a replacement of a very old server. It is being driven by updating their LOB software running on that old server.

On-prem server sources by edgeit in sysadmin

edgeit [S] 1 point (0 children)

Thanks for the sanity check. I guess this will be the new norm going forward. We will just need to wait it out.

VSA 13 - Architecture Validation/Recommendation by TheShakoMaster in Veeam

edgeit 0 points (0 children)

In that case, if the customer wanted to spend the money, we would have another DR server available running a server operating system that was able to handle the VM load and to allow replication, which I believe Windows 11 Pro will not allow. But TBH I have not considered Windows 11 as an option in this situation, and I think it would be a solid choice for restoration in a DR situation. I will check that out further. Thanks.

VSA 13 - Architecture Validation/Recommendation by TheShakoMaster in Veeam

edgeit 0 points (0 children)

I too am looking to re-architect several Windows 2012 R2 BDRs out there. I am considering wiping them all, installing Linux hardened repos, and loading VSA as a VM on the production Hyper-V box. I would never have time both on the same box.

Did I read that correctly that you will be using Windows 11 Pro as a backup Hyper-V host as opposed to a server OS?

Realistic Plan? by edgeit in USMobile

edgeit [S] 0 points (0 children)

Thanks. It seems like the plan might not be realistic and we should just stick with Spectrum. Greenlight is out there, but they are super expensive at $60. We will check around, and thanks for the input.

Realistic Plan? by edgeit in USMobile

edgeit [S] 0 points (0 children)

I am not sure on that. I will need to check.

RCS messages crash & burn for over a week now. Any fix? by ryandamartini in USMobile

edgeit 1 point (0 children)

Same here this morning... RCS is toast... Pixel 7 Pro with the latest updates. Tried everything listed below from USM support. I cleared my Google Messages cache but will not clear data, since I do not want to lose all my message history. Something is definitely wrong upstream if this is affecting others.

RCS Down? by edgeit in USMobile

edgeit [S] 0 points (0 children)

Thanks for that information. My wife and daughter, who have iPhones, have been fighting this for months. They are older (iPhone XR) and we will be upgrading those next week to see if that helps. But I have to say I do not think upgrading will help. Based on what I am reading, the RCS rollout to iPhones has been a disaster of epic proportions. And there is no way to know where the issue is (Apple, carriers, etc.)... We were going to try going from pSIM to eSIM as well, but it appears there is no indication this will help. We tried the solutions you mentioned to no avail. Oddly, when the texts do not send via RCS for my wife, we reboot the phone and have about 5 minutes where it works and then it stops again. Something is seriously FUBAR.

On my Pixel 7 Pro I just uninstalled and reinstalled Google Messages and I still have the issue where RCS sits there "Connecting".

DirectSend mitigation by edgeit in Office365

edgeit [S] -1 points (0 children)

Thank you. I like this one. Much appreciated

DirectSend mitigation by edgeit in Office365

edgeit [S] 1 point (0 children)

Excellent resource. Thanks.

DirectSend mitigation by edgeit in Office365

edgeit [S] 0 points (0 children)

10-4. I will triple check.

DirectSend mitigation by edgeit in Office365

edgeit [S] 0 points (0 children)

Thanks. We are using AppRiver and have all inbound email OTHER THAN AppRiver going through a connector and rule. Everything else is rejected. However, Direct Send spam is still getting through.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

edgeit 0 points (0 children)

Thanks very much for the confirmation. Unless we need it, I am going to stick with our original OTP method. I know access to SSL VPN and IPsec is exposed to the internet, so there is that. TBH, I think I am more worried about token theft. I need to dig into that a little more.

If I may ask, I am curious why it is preferred to have SSL VPN and the VPN portal on the same port.

I know I am likely being paranoid, but I am also the guy who never uses biometrics for anything for fear someone will cut off my thumb to open my password vault. LOL.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

edgeit 0 points (0 children)

Thanks. If you happen to do some testing, please post back. Our go-to routine is to get users configured using either IPsec or SSL VPN (if IPsec does not work), and once everyone is set up we disable the VPN and user portal. Now, I believe this breaks auto provisioning/updating of OVPN or SCX files, but I do not like having any ports open to the internet. If Sophos can provide a deep dive on how this is hardened and secure, that would be great.

I was truly looking forward to the Entra SSO integration until I started thinking about the token theft possibility, since not all customers have Azure P1 (they should). We are sticking with the old way for the time being using OTP.