ZyXEL Communications ZYWALL 35 - V4.03 Technical information Page 5

displayed on the console. This is because some predefined CI commands in autoexec.net
are forbidden to execute in Bridge Mode.
2. In the following topology, Firewall VPN to LAN ping can’t be permitted.
PC1--------------DUT1--------NAT Router------PQA lab-----DUT2------PC2
PC1:        IP: 192.168.1.33   GW: 192.168.1.2
DUT1:       IP: 192.168.1.2
NAT Router: LAN: 192.168.1.1   WAN: 172.25.21.200
DUT2:       WAN: 172.25.21.24  LAN: 192.168.2.1
PC2:        IP: 192.168.2.33   GW: 192.168.2.1
(1) DUT1 is in bridge mode and DUT2 is in router mode; build a VPN tunnel between
them.
(2) On DUT1 enable Firewall, and set Drop for VPN to LAN, then add a firewall
rule of VPN to LAN:
Source address = 192.168.2.33
Destination Address = 192.168.1.33
Selected Service = Any (ICMP)
Action for matched Packets = Permit.
(3) 192.168.1.33 cannot be pinged from 192.168.2.33, and the log
“Unsupported/out-of-order ICMP: ICMP (Echo Reply)” appears on the log page.
Note:
(1) Here, PC1’s GW is DUT1’s LAN IP. The ICMP reply packet has destination IP
192.168.2.33. On PC1 the packet matches the default GW (192.168.1.2), so its
destination MAC is set to the DUT's LAN MAC. The DUT receives the packet, sees that the
destination MAC is its own LAN MAC, and concludes the packet is addressed to itself, so
the ICMP out-of-order condition occurs: the DUT never sent an ICMP request, yet it
receives an ICMP reply.
(ICMP out-of-order scenario: an ICMP reply without a preceding ICMP request)
(2) If PC1's default GW is set to 192.168.1.1 instead, the packet's destination MAC is
the NAT device's LAN MAC (192.168.1.1), not the DUT's. The DUT knows the packet is not
for itself and is ready to pass it through. But the packet then matches the VPN rule and
will be encrypted by the DUT.
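As an added illustration (not ZyXEL's own code), the following Python model simulates the two gateway settings described in the note: with PC1's GW set to DUT1's LAN IP the echo reply is delivered to DUT1's own MAC and fails the DUT's stateful ICMP check; with the GW set to the NAT router the frame is bridged and then matches the VPN policy. The MAC addresses and the 192.168.2.0/24 VPN remote subnet are assumptions.

```python
import ipaddress

# Addresses taken from the topology above; the MAC addresses are made up.
DUT_LAN_IP, DUT_LAN_MAC = "192.168.1.2", "00:aa:00:00:00:02"
NAT_LAN_IP, NAT_LAN_MAC = "192.168.1.1", "00:aa:00:00:00:01"
ARP_TABLE = {DUT_LAN_IP: DUT_LAN_MAC, NAT_LAN_IP: NAT_LAN_MAC}
VPN_REMOTE = ipaddress.ip_network("192.168.2.0/24")  # assumed remote subnet of DUT1's VPN rule
OUT_OF_ORDER = "Unsupported/out-of-order ICMP: ICMP (Echo Reply)"


def pc1_frame(gw_ip, src_ip, dst_ip, icmp_type, ident, seq):
    """PC1 sends an off-subnet packet to its default gateway's MAC (ARP lookup)."""
    return {"dst_mac": ARP_TABLE[gw_ip], "src": src_ip, "dst": dst_ip,
            "type": icmp_type, "id": ident, "seq": seq}


class BridgeModeDut:
    """Simplified DUT1: bridge anything not addressed to its own MAC,
    otherwise treat it as local traffic and run a stateful ICMP check."""

    def __init__(self):
        self.pending = set()  # (peer, id, seq) of echo requests the DUT itself sent

    def handle(self, frame):
        if frame["dst_mac"] != DUT_LAN_MAC:
            if ipaddress.ip_address(frame["dst"]) in VPN_REMOTE:
                return "forward+encrypt"  # transit traffic that matches the VPN rule
            return "forward"
        if frame["type"] == "echo-request":
            return "reply"  # a request addressed to the DUT itself is answered normally
        key = (frame["src"], frame["id"], frame["seq"])
        if frame["type"] == "echo-reply" and key in self.pending:
            self.pending.discard(key)
            return "accept"
        return "log: " + OUT_OF_ORDER  # a reply with no matching request


def pc1_reply_verdict(gw_ip):
    """PC1 answers PC2's echo request (which arrived through the tunnel)."""
    reply = pc1_frame(gw_ip, "192.168.1.33", "192.168.2.33", "echo-reply", 1, 1)
    return BridgeModeDut().handle(reply)
```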
[Content Filter]
1. The CF Denied Access Message can run scripts.
2. The categories function can also have some issues because of the OutpostPro
firewall bug fix. When the user wants to block some categories, such as “Search
Engines/Portals”, the external DB search works normally the first time. But after
refreshing the page or opening the website again in another browser window, only
“Please contact your network administrator!!” is shown, without the link to
bluecoat.
3. Web sites of category “Peer-to-Peer” were recognized as “Spyware/Malware
Sources”.
4. “Don’t block Java/ActiveX/Cookies/Web proxy to trust Web site” function in content
filter cannot work.
Symptom: "Don’t block Java/ActiveX/Cookies/Web proxy to trust Web site"
function in content filter cannot work.
Condition:
(1) In eWC->SECURITY->CONTENT FILTER->General page, enable
"Content filter" and block "Java Applet/ActiveX/Cookies/Web Proxy".