Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Has anyone successfully created a Pre-Auth ACL to block Whatsapp messenger from connecting prior to authentication?I understand that in some posts, there were suggestions to block Whatsapp via blocking access to c.whatsapp.net and s.whatsapp.net, but...
Hi, Is there a way to block access to virtual IP (192.0.2.1) in the pre-auth ACL when doing external webauth?This is because I've noticed that even before the visitor/guest registers to the external portal, if they manually enter 1.1.1.1 in their web...
Hi,If I've a multi-tiered Firewall design with 3 firewall tierings for web servers, middle-tier apps servers and also database servers as the diagram below..FW-A | |Switch-----Web Server | |FW-B | |Switch-----App Server | |FW-C | |Switch---...
Hi,I'm having trouble getting this new BIOS policy feature "Resume AC on Power Loss" to work. I've tried both on v1.3(1c) as well as v1.3(1n) but to no avail.After creating the BIOS policy with "Resume AC on Power Loss" set to "reset" (I've even trie...
I think in terms of getting the user re-authenticate, it depends on the webauth timer or if you delete the user entry from WLC monitor client.But on how to delete the visitor entry from the database manually, I'm interested to know also as I've been ...
Thanks.. I totally forgotten about that... But I've just realized, I'm not able to block whatsapp on iphone because of the TCP multipath in iOS 8.Whatsapp will fallback to the cellular data when the app can't get through the wireless LAN.
Bouncing off FW-A probably would require me to use the ASA command of same-security interface permit intra-interface for an ASA firewall.Another way I can think of is to do a NAT on the apps server on FW-B so that request from webserver will be NAT'e...
Thanks Jon. I agree with you on that.Having said that, if I've a web server with a public NIC to pointing to the tier-1 firewall and the private NIC pointing to the tier-2 firewall to access the apps server subnet, I will not be able to configure two...
How about those servers which is single-homed with one single NIC (one GigE port)?One way of doing this is to manually configure the routing in the server itself but this would not be practical if there are many servers..Thanks..
