Comments
-
not bad! Security is obviously my jam ;)
-
You can give the same subnet address in Virtual Server "public IP" Firewall will do proxy ARP so traffic know where to send
-
As PeterUK said, try to change Firewall's LAN IP to prevent the conflict
-
It said the site is phising. But I believe that in a few days classification will not be phising if he is really normal. You can add to allow listed as workaround if you want.
-
I found some FAQ talk about Voice VLAN
-
As far as I know, the vlan setup on sip phone is named voice VLAN with tagging. The purpose is to separate the voice stream and data stream. -So do the appropriate settings on swtich after you added voice vlan. -Create vlanXX interface if the voice stream will goto internet.
-
What's your IP address on USG40 WAN when LTE bridge? It should not work if you get CGNAT addresses (100.64.0.0~100.127.255.255)
-
SFP Port can act as LAN Port, but it cannot become the same lan role with other Lan As you saw in "Port role", SFP Port is independent.
-
I'd like to use APP patrol instead. Here is App category named: Windows upgrade. or follow PeterUK instruction setup blocklist on CF lists
-
You can set virtual server or 1:1 NAT instead of 2 ports, Firewall will respond ARP of other public IP in this case. I believe it is the best way that only open necessary ports by NAT, moreover firewall can prevent some attack from internet.
-
Find the datasheet, FLEX200 does not support SFP+ .
-
You can add another zone fwd what you want to overwirte.
-
The latest geo DB version is 0329 exactly.
-
Try the weekly
-
create another policy with higher priority. You wanna exclude IP1 For example: Rule1 : IP1 allow any Rule2: IP1's subnet allow any with scheduled.