Syrian Firewall And WAF
Home
Articles
WAF
Changes Log
Skip to content (Press Enter)
Home
Articles
WAF
Changes Log
Syrian Firewall And WAF
Home
/
Articles
3 Articles
Releases
2.5.2-P0 New Features and Changes
Upgrade To 2.5.2-P0
2.5.0-P0 New Features and Changes
9 Articles
General
webConfigurator default Certificate expiring
WireGuard
AZTCOFW Documentation
WireGuard Limitations
Design Considerations
199 Articles
Troubleshooting
4 Articles
Troubleshooting Asymmetric Routing
Common Scenario
Automatic Fix
Manual Fix
Alternate Causes
9 Articles
Troubleshooting Authentication
DN and Related Settings
Bind Credentials
Active Directory Group Membership
Extended Query
Connection-Related Issues (non-SSL)
7 Articles
Troubleshooting Network Connectivity
WAN Interface
LAN Interface
Firewall/Rules
Outbound NAT
Diagnostic Tests
3 Articles
Troubleshooting DMA and LBA Errors
Non-Fatal Errors
Fatal Errors
Other Errors
2 Articles
Troubleshooting the DNS Cache
DNS Forwarder
Client DNS Cache
3 Articles
Troubleshooting Gateway Monitoring
sendto error: 55
sendto error: 64
sendto error: 65
1 Article
Troubleshooting the HAProxy Package
HAProxy Troubleshooting
7 Articles
Troubleshooting High Availability
Common Misconfigurations
Incorrect Hash Error
Both Systems Appear as MASTER
Primary system is stuck as BACKUP
Other Switch and Layer 2 Issues
3 Articles
Troubleshooting High Availability Clusters in Virtual Environ- ments
Hypervisor users (Especially VMware ESX/ESXi)
KVM+QEMU Issues
VirtualBox Issues
4 Articles
Troubleshooting High CPU Load
View CPU Processes
View Interrupt Counters
View mbuf Usage
View I/O Operations
4 Articles
Troubleshooting Installation Issues
Boot from Install Media Fails
Boot from hard drive after installation fails
Interface link up not detected
Hardware Troubleshooting
9 Articles
Troubleshooting IPsec VPNs
IPsec Logging
Tunnel does not establish
Tunnel establishes but no traffic passes
Some hosts work, but not all
Connection Hangs
4 Articles
Troubleshooting L2TP
Connected to L2TP but cannot pass traffic
Connection Fails with a Windows Client
L2TP Traffic Blocked Outbound
Cannot connect
8 Articles
Troubleshooting Low Interface Throughput
Insufficient Hardware
Hardware/Driver Tuning Required
Duplex Mismatch
Traffic Shaping
MTU Issues
7 Articles
Troubleshooting Multi-WAN
Verify Firewall Rule Configuration
Policy routing does not work for web traffic or all traffic
Failover not working
Load balancing not working
A gateway is incorrectly marked offline
3 Articles
Troubleshooting NAT
Port Forward Troubleshooting
NAT Reflection Troubleshooting
Outbound NAT Troubleshooting
1 Article
Troubleshooting NAT Port Forwards
Common Problems
14 Articles
Troubleshooting OpenVPN
Cannot route to clients on an SSL/TLS site-to-site tunnel
Client Specific Override iroute entry seems to have no effect
Why do OpenVPN clients all get the same IP address?
Importing OpenVPN DH Parameters
Check OpenVPN Status
3 Articles
Troubleshooting Routes
Viewing Routes
Using traceroute
Routes and VPNs
3 Articles
Troubleshooting Snort Rule Updates
MD5 Signature Mismatch
Upstream Issues
Space Issues
4 Articles
Troubleshooting the Squid Package
Disk Usage Issues
Sites not loading with splice / Error 409 in access log
Clear Cache
Complete Reset
11 Articles
Troubleshooting Upgrades
Cosmetic Problems Post-Upgrade
Upgrade Log
Upgrade not Offered / Library Errors
Repository Metadata Version Errors
Rewrite Repository Information
6 Articles
Troubleshooting Wireless Connections
Check Wireless Status
Check the Antenna
Try with multiple clients or wireless cards
Signal Strength is Low
Stuck Beacon Errors
5 Articles
Troubleshooting Captive Portal
Authentication failures
Captive Portal Does not Redirect
Apple devices are unable to load the portal page or login
Port Forwards Behind Portal Only Work When Target Logs In
Captive Portal Rules
16 Articles
Troubleshooting Firewall Rules
Check The Firewall Logs
Check the State Table
Review Rule Parameters
NAT Confusion
Port Forward pass action
4 Articles
Troubleshooting FTP Connections
Disabling the FTP Proxy
FTP Ports
Rules to allow FTP
Troubleshooting/Alternatives
2 Articles
Troubleshooting Blocked Log Entries for Legitimate Connec- tion Packets
Clustering and Load Balancing
Asymmetric Routing
5 Articles
Troubleshooting Traffic Shaping
Bittorrent traffic not using the P2P queue
UPnP traffic shaping
ACK queue bandwidth calculations
Why is
not properly shaped?
WAN connection speed changes
Troubleshooting Asymmetric Routing
Troubleshooting OpenVPN Remote Access Client IP Address Assignments
Troubleshooting Windows OpenVPN Client Connectivity
Troubleshooting Windows/SMB Share Access from OpenVPN Clients
Troubleshooting Authentication
292 Articles
Configuration Recipes
9 Articles
Authenticating Users with Google Cloud Identity
Configure the LDAP Application on the G Suite admin portal
Download the certificate, key, username and password
Import the certificate and key
Install the stunnel AZTCO-FW package (CE or 2.4.4-RELEASE)
Configure the stunnel package (CE or 2.4.4-RELEASE)
2 Articles
Configuring BIND as an RFC 2136 Dynamic DNS Server
Configure the BIND Server
Configuring a Client in AZTCO-FW
4 Articles
Blocking Web Sites
Using DNS
Using Firewall Rules
Using a Proxy
Prevent Bypassing Restrictions
2 Articles
Blocking External Client DNS Queries
DNS over TLS
DNS over HTTPS
6 Articles
Configuring DNS over TLS
Requirements
Configure DNS Servers
Enable DNS over TLS for Forwarded Queries
Testing DNS over TLS
Enable DNS over TLS Server (optional)
3 Articles
Dynamic Routing Protocol Basics
RIP
BGP
OSPF
2 Articles
Basic Firewall Configuration Example
Basic lock down of the LAN and DMZ outgoing rules
Setup isolating LAN and DMZ, each with unrestricted Internet access
3 Articles
External User Authentication Examples
OpenLDAP Example
RADIUS Server Example
Active Directory LDAP Example
3 Articles
Using EAP and PEAP with FreeRADIUS
General EAP configuration
PEAP and MSCHAPv2
EAP-TLS
1 Article
Using Mobile One-Time Passwords with FreeRADIUS
Enable Mobile-One-Time-Password (OTP) support
2 Articles
Using NAT and FTP without a Proxy
Client Behind AZTCO-FW
Server Behind AZTCO-FW
1 Article
Configuring AZTCO-FW Software for Online Gaming
Specific Game/Console Information
5 Articles
High Availability Configuration Example
Setup Sync Interface
Configure pfsync
Configure Configuration Synchronization (XML-RPC)
Determine IP Address Assignments
Cluster Configuration Basics
4 Articles
High Availability Configuration Example with Multi-WAN
Determine IP Address Assignments
NAT Configuration
Firewall Configuration
Multi-WAN HA with DMZ Diagram
2 Articles
High Availability Configuration Example without NAT
Public IP Assignments
Network Overview
4 Articles
A Brief Introduction to Web Proxies and Reporting: Squid, SquidGuard, and Lightsquid
Squid Caching Web Proxy
SquidGuard Web Access Control and Filtering
Lightsquid Web Access Reporting
Transparent Proxies and HTTP/HTTPS
1 Article
Authenticating Squid Package Users with FreeRADIUS
SQUID Proxy
2 Articles
Configuring the Squid Package as a Transparent HTTP Proxy
Install the Package
Configure the Squid Package
6 Articles
Setting up WPAD Autoconfigure for the Squid Package
Why would this be done?
Prerequisites
Create wpad.dat
Configure DNS
Block Port 80 Out from LAN
4 Articles
IPsec Remote Access VPN Example Using IKEv1 with Pre- Shared Keys
On AZTCO-FW
The client
Client tweaks
Troubleshooting
4 Articles
IPsec Remote Access VPN Example Using IKEv1 with Xauth
IPsec Server Setup
Device Setup (Android)
Device Setup (iOS)
Troubleshooting
5 Articles
Configuring IPsec IKEv2 Remote Access VPN Clients
Configuring IPsec IKEv2 Remote Access VPN Clients on Windows
Configuring IPsec IKEv2 Remote Access VPN Clients on Android
Configuring IPsec IKEv2 Remote Access VPN Clients on OS X
Configuring IPsec IKEv2 Remote Access VPN Clients on iOS
Configuring IPsec IKEv2 Remote Access VPN Clients on Ubuntu
4 Articles
IKEv2 Server Configuration
IKEv2 Certificate Structure
Mobile IPsec User Creation
Firewall Rules
Mobile IPsec User Creation
2 Articles
IPsec Remote Access VPN Example Using IKEv2 with EAP- RADIUS
EAP-RADIUS with FreeRADIUS
EAP-RADIUS with Windows Network Policy Server (NPS)
6 Articles
IPsec Remote Access VPN Example Using IKEv2 with EAP-TLS
Set up Mobile IPsec for IKEv2+EAP-TLS
Setup Certificates
Add Firewall Rules for IPsec
Import the CA to the Client PC
Import the Client Certificate to the Client PC
3 Articles
IPsec Site-to-Site VPN Example with Pre-Shared Keys
Site-to-site example configuration
Routing and gateway considerations
AZTCO-FW-initiated Traffic and IPsec
4 Articles
Routing Internet Traffic Through a Site-to-Site IPsec Tunnel
Configure outbound NAT
Set up the IPsec tunnel Phase 1
Set up the IPsec tunnel Phase 2
Allow IPsec traffic through the firewall
12 Articles
Configuring IPv6 Through A Tunnel Broker Service
Sign Up for Service
Allow IPv6 Traffic
Allow ICMP
Configure the New OPT Interface
Create and Assign the GIF Interface
4 Articles
L2TP/IPsec Remote Access VPN Configuration Example
Setup IPsec
IPsec Firewall Rules
DNS Configuration
Client Setup
4 Articles
Connecting to L2TP/IPsec from Android
IPsec Setup
Android Client Setup
Other Thoughts
L2TP Setup
4 Articles
Migrating an Assigned LAN to LAGG
Warnings/Precautions
Prerequisites/Assumptions
Migrate LAN to a LAGG
VLANS
2 Articles
Accessing a CPE/Modem from Inside the Firewall
Configure a new Interface
Configure NAT
4 Articles
Configuring Multi-WAN for IPv6
Caveats
Requirements
Setup
Alternate Tactics
4 Articles
Configuring NAT for a VoIP PBX
Aliases to make it easy
Port Forwards
Manual Outbound NAT
Reset States
3 Articles
Configuring NAT for VoIP Phones
Disable source port rewriting
Set Conservative state table optimization
Disable scrub
3 Articles
Bridging OpenVPN Connections to Local Networks
OpenVPN Server Settings
Creating the Bridge
Connect with Clients
2 Articles
Configuring a Single Multi-Purpose OpenVPN Instance
Setup
Notes
2 Articles
Connecting OpenVPN Sites with Conflicting IP Subnets
Site-to Site Example
Site-to-Multi-Site Example
17 Articles
OpenVPN Remote Access Configuration Example
Before Starting The Wizard
Choose Authentication Type
Choosing an LDAP Server
Adding an LDAP Server
Choosing a RADIUS Server
9 Articles
Authenticating OpenVPN Users with FreeRADIUS
Purpose
Requirements
Add an interface to FreeRADIUS
Add a NAS client to FreeRADIUS
Add Users
19 Articles
Authenticating OpenVPN Users with RADIUS via Active Direc- tory
Create a Certificate
Create an internal certificate
Install the OpenVPN Client Export Package
Prepare the Windows package
install the OpenVPN package
7 Articles
Installing OpenVPN Remote Access Clients
Installing the OpenVPN Client on Windows
Installing the OpenVPN Client on Mac OS X
Installing the OpenVPN Client on iOS
Installing the OpenVPN Client on Android
Installing the OpenVPN Client on FreeBSD
2 Articles
Adding OpenVPN Remote Access Users
Local Users
LDAP or RADIUS Users
3 Articles
OpenVPN Site-to-Site Configuration Example with Shared Key
Configuring Server Side
Configuring Client Side
Testing the connection
4 Articles
Routing Internet Traffic Through A Site-To-Site OpenVPN Tun- nel
Set up OpenVPN at Site B
Configure firewall rules at Site B
Set up outbound NAT at Site B
Set up the client at site A
3 Articles
OpenVPN Site-to-Site Configuration Example with SSL/TLS
Configuring SSL/TLS Client Side
Testing the connection
Configuring SSL/TLS Server Side
2 Articles
Accessing Port Forwards from Local Networks
Method 1: NAT Reflection
Method 2: Split DNS
3 Articles
Authenticating from Active Directory using RADIUS/NPS
Choosing a server for NPS
Installing NPS
Configuring NPS
6 Articles
Allowing Remote Access to the GUI
Use a VPN
Restricted Firewall Access
Use HTTPS
Move the GUI to an Alternate Port
Strict Management
3 Articles
Preventing RFC1918 Traffic from Exiting a WAN Interface
Scenarios where RFC1918 addresses should NOT be blocked on the WAN interface
Steps to block RFC1918 traffic from leaving the WAN interface
Notes
4 Articles
Routing Public IP Addresses
IP Assignments
Interface Configuration
NAT Configuration
Firewall Rule Configuration
6 Articles
Configuring Switches with VLANs
Dell PowerConnect managed switches
Cisco IOS based switches
Cisco CatOS based switches
Switch configuration overview
HP ProCurve switches
10 Articles
Using the Shaper Wizard to Configure ALTQ Traffic Shaping
Choosing a Wizard
Starting the Wizard
Networks and Speeds
Voice over IP
Penalty Box
WireGuard Settings
Assign a WireGuard Interface
Configure a WireGuard Tunnel
IPsec Export Package
IPsec Site-to-Site VPN Example with Certificate Authentication