• One thing, How does the Firewall handles revoked certificates?

    I don't know If this in a issue in my end, but I've never saw a revoked certificate being blocked by the Firewall since v18 EAP.

    This is my Decryption Profile:


    If a post solves your question use the 'Verify Answer' link.

    XG 115w Rev.3 v19 GA @ Home.

  • Revoke Certificates can only be checked, if you have a CRL imported. The Firewall does not import external CRL per default. Personally i would rather invest into OSCP instead. Many products move now to OSCP instead, and Sophos is also looking into this. 

    __________________________________________________________________________________________________________________

  • Hi folks,

    update on reports

    The reports are back to two a day, very good down from 40 or more. The date on the reports is back to using GMT, for awhile when the DEVs were investigating I did actually have local time displayed on my reports, so basically the reports are half fixed as far as dates go.

    Missing from the reports is yesterday sig update download and NTP traffic. Updates to follow over the next couple off days as reports etc settle down.

    Ian

    XG115W - v19 GA - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • Any chance AES-NI support for SW installs made it into this update? Believe its Jira ID NC-59127.

  • Their answer has v18.5 or v19, If AES-NI isn't present until v18.5 GA, then we will have to wait for v19.


    If a post solves your question use the 'Verify Answer' link.

    XG 115w Rev.3 v19 GA @ Home.

  • I tried this on two appliances, works fine for me now. 

    Maybe a cache issue? Could you try another browser? 

    __________________________________________________________________________________________________________________

  • Further update on reports.

    NTP/UDP 123 no longer appears in my daily reports. The previous version daily reports usually show over a 1000 hits for this port. Logviewer shows the traffic.

    Some thoughts on why NTP/UDP123 no longer appears in the daily reports. Sometime ago (within the last year) I started a thread about the hairpin NAT not working correctly. I suspect the issues has been resolved and as a result only the traffic that goes through the firewall LAN to WAN is actually counted, so the traffic from the internal NTP server is actually quite low (hit count) so is possibly below the reporting level.

    The NTP server is still working correctly.

    Ian

    I changed the NTP settings to destination ANY which now works. The NTP/UDP123 appears in the daily reports again. One IoT device needed a restart to get it to behave with the NTP server.

    XG115W - v19 GA - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.



    updated NTP/UDP123 reports issue.
    [edited by: rfcat_vk at 12:49 AM (GMT -7) on 18 Jul 2021]
  • If the WAN link fails the XG is still not capable of negotiating a new lease, that is a fail. If you are remote from the devices you support the only way to overcome the issue is to ask the local staff to restart the XG.

    Ian

    XG115W - v19 GA - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • GUI interface not updating fully.

    As the up time shows and I am using the XG to add this report, but the rules in use is not updated. Yes, I have logged off and on and also reviewed via CM.

    Ian

    Update for 326, issue is till the same.

    XG115W - v19 GA - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • Downloaded it yesterday and installing today, when you say performance are you referring to download speeds etc. or UI / system performance?

    I'm applying it to a Dell PowerEdge R210, but also have an Atom based PicoPC unit.