It looks like a Mac problem, but...

JaredBusch

@kelly said in It looks like a Mac problem, but...:

@scottalanmiller said in It looks like a Mac problem, but...:

Can they ping locally? Can they ping the gateway?

Yes to both. Changing gateway to x.x.x.254 works (so old gateway).

Are they properly getting the updated DHCP? I have had major issues with my MBP on an older OS version with it not accepting new DHCP info when setting up a new router.

Did you set one up static and does it fail?

Kelly

@jaredbusch said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@scottalanmiller said in It looks like a Mac problem, but...:

Can they ping locally? Can they ping the gateway?

Yes to both. Changing gateway to x.x.x.254 works (so old gateway).

Are they properly getting the updated DHCP?

Did you set one up static and does it fail?

So the gateway address did not change, just the device that has that address. DHCP release/renew makes no difference. Changing to static address with x.x.x.1 as the gateway does not work.

Dashrender

OK if the IP didn't change, but the MAC address did, sounds like an ARP cache issue.

JaredBusch

@kelly said in It looks like a Mac problem, but...:

@jaredbusch said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@scottalanmiller said in It looks like a Mac problem, but...:

Can they ping locally? Can they ping the gateway?

Yes to both. Changing gateway to x.x.x.254 works (so old gateway).

Are they properly getting the updated DHCP?

Did you set one up static and does it fail?

So the gateway address did not change, just the device that has that address. DHCP release/renew makes no difference. Changing to static address with x.x.x.1 as the gateway does not work.

No clue then. I have never had a problem when setting one statically.

My problems always occurred when setting up a new ERL or such and the MBP kept refusing to come online with the new IP from the ERL's DHCP server.

Dashrender

Is the new firewall blocking those machines for some reason? i.e. the new firewall see them as an attack? Anything in the logs?

Kelly

@dashrender said in It looks like a Mac problem, but...:

OK if the IP didn't change, but the MAC address did, sounds like an ARP cache issue.

Clearing the cache didn't fix it.

Kelly

@dashrender said in It looks like a Mac problem, but...:

Is the new firewall blocking those machines for some reason? i.e. the new firewall see them as an attack? Anything in the logs?

I'll take a look.

Dashrender

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

OK if the IP didn't change, but the MAC address did, sounds like an ARP cache issue.

Clearing the cache didn't fix it.

after clearing it, did you look at the cache to see if the IP matched the desired MAC address?

Kelly

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to set up VPN. This setting affects all outbound traffic. The Macs that were affected are the ones that have not yet been joined to Active Directory. This is a really cool setting that I'll be turning back on when we're actually ready for it.

Dashrender

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to

What firewall?

Kelly

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

dafyre

Nice to know it was working as intended, right? lol.

Dashrender

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

Kelly

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

Dashrender

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

What was the reasoning behind the purchase?

Kelly

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

What was the reasoning behind the purchase?

I'm not sure what you're getting at.

Dashrender

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

What was the reasoning behind the purchase?

I'm not sure what you're getting at.

A general consensus around ML is that UTMs are unnecessary, i.e. a waste of money. Additionally, Scott is pretty adamant that there is only one primary vendor (drawing a blank right now) that is good for UTMs.

So what I'm getting at is, what was the decision tree that lead to purchasing two $2000+ UTM firewalls? Why were they felt to be worth the value versus say a pair of Edge Routers? etc

Kelly

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

What was the reasoning behind the purchase?

I'm not sure what you're getting at.

A general consensus around ML is that UTMs are unnecessary, i.e. a waste of money. Additionally, Scott is pretty adamant that there is only one primary vendor (drawing a blank right now) that is good for UTMs.

So what I'm getting at is, what was the decision tree that lead to purchasing two $2000+ UTM firewalls? Why were they felt to be worth the value versus say a pair of Edge Routers? etc

I didn't purchase them for the UTM, but the FIPS validation. Actually saved the company quite a bit of money overall since they were going to buy Cisco ASAs.

JaredBusch

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

What was the reasoning behind the purchase?

I'm not sure what you're getting at.

A general consensus around ML is that UTMs are unnecessary, i.e. a waste of money. Additionally, Scott is pretty adamant that there is only one primary vendor (drawing a blank right now) that is good for UTMs.

So what I'm getting at is, what was the decision tree that lead to purchasing two $2000+ UTM firewalls? Why were they felt to be worth the value versus say a pair of Edge Routers? etc

You are conflating shit and coming up with something none of us have said.

I have repeatedly said that the typical SMB has no need for a UTM. I have never said that a UTM is unnecessary.

But once you need a UTM, then you need a real UTM and not some $300 piece of crap.

Palo Alto is the gold standard in the space IMO. It does not mean that other units are shit. Just not as good, IMO.

You also assumed that he bought these units for UTM. Which as you can see by the follow up response, he did not.

Dashrender

@jaredbusch said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

@dashrender said in It looks like a Mac problem, but...:

@kelly said in It looks like a Mac problem, but...:

Well, the solution was no less peculiar. In my firewall config I had specified authenticated users for LAN to WAN in my work to 

What firewall?

Juniper SRX.

I'm guessing some big money for that UTM.

About $2k for each node. We have an HA pair.

What was the reasoning behind the purchase?

I'm not sure what you're getting at.

A general consensus around ML is that UTMs are unnecessary, i.e. a waste of money. Additionally, Scott is pretty adamant that there is only one primary vendor (drawing a blank right now) that is good for UTMs.

So what I'm getting at is, what was the decision tree that lead to purchasing two $2000+ UTM firewalls? Why were they felt to be worth the value versus say a pair of Edge Routers? etc

You are conflating shit and coming up with something none of us have said.

I have repeatedly said that the typical SMB has no need for a UTM. I have never said that a UTM is unnecessary.

But once you need a UTM, then you need a real UTM and not some $300 piece of crap.

Palo Alto is the gold standard in the space IMO. It does not mean that other units are shit. Just not as good, IMO.

You also assumed that he bought these units for UTM. Which as you can see by the follow up response, he did not.

I made no assumption - I asked a question. Period. Then he was confused by the question, so I explained my reason for asking.

So the answer to my question was - because FIPS. Period, end of line. FFS