CacheGuard Help

I don't think so. Below an extract of the RFC 6056 ( https://tools.ietf.org/html/rfc6056 ): 2.1. Traditional Ephemeral Port Range The Internet Assigned Numbers Authority (IANA) assigns the unique parameters and values used in protocols developed by the Internet Engineering Task Force (IETF), includi...

Hi, Well, there is obviously an incompatibility between your Web browser and the registration page. Sometimes refreshing the registration page can show the Google reCAPTCHA. Use Shift + The Web browser's Reload button to refresh all caches. If this method does not work, please use an alternative Web...

Hi, If you reinstall your appliance, you need to re -register it first in order to recover its S/N. It's highly important to do not register it as a new appliance. Otherwise your License Key couldn't be installed. To re-register your appliance from the Web GUI, please go to the [GENERAL] > [Main Set...

Hi, You are very welcome! However I just tested your configuration in my lab using a FileZilla FTP Server v0.9.60 beta (instead of a vsftpd server) and the firewall rule based on the CG protocol called ftp_passive works very well. Can you please let me know what version of FileZilla FTP Server do yo...

That's fine! All you need to do is to import your private key and certificate (and possibly intermediate chain certificates) into CG. I invite you to read the following documentations to get help: - https://www.cacheguard.net/doc/guide/reverse_mode.html#ssl - https://www.cacheguard.net/doc/command/t...

Thank you sharing that FileZilla page with us. Active and passive FTP are quite complex protocols and when I forget the way that they work, I always consult the following explanation: http://slacksite.com/other/ftp.html . I hope that it could help our readers. It's likely that your FTP server (FileZ...

No, CG does not replace any existing security feature but reinforce your security by adding a complementary security layer to your networks. Actually the reverse proxy implementation (option 2) is much easier to implement than the destination NAT solution as CG is cabled to be implemented like that....

Hi, I just wanted to highlight that when the command setup is executed at first CG startup, the following access rule is automatically added in order to allow any access to CGs' administration interfaces. access admin add 0.0.0.0 0.0.0.0 The reason that this access rule is added is to allow beginner...

As we are in a destination NAT mode, we should not specify the PAT port for FTP and let it to blank (show as nil in the Web GUI) so I fixed firewall rules in my last post to reflect the right configuration. I truly apologize for this mistake. Regarding passive FTP ports, CG automatically allows spec...

Hi, Actually there is a better way to allow passive and/or active FTP at the firewall level. All you need to do is to replace the keyword tcp by ftp_passive (or ftp_active). This way, there would be no need to specify even a single rule for related dynamic ports used by FTP. Therefore your firewall ...