MS Direct Access

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

MS Direct Access

L2 Linker

Any one setup MS Direct Access?

I have a MS consultant stating that all that is needed is to set up a NAT and add a security policy to allow TCP 443 and IP Protocol 41.

Here is the dumb question...

How do you allow IP Protocol 41?

2 REPLIES 2

L4 Transporter

I tryed to find "UAG" or Direct acces on Application Research Center

But it seems that this apllication doesnt has a their own signature.

In my opinion you have to make a port redirection (NAT rule) and security rule that will allow _all_ application, and it you will have estabilised session take a look into Monitor > Traffic - you will see how this traffic is categorised by PAN.

Regards

SLawek

L6 Presenter

According to Application Research Center the appid should be "ipv6":

"

Description

The technique of encapsulating IPv6 packets within IPv4 so that they can be carried across IPv4 routing infrastructures. While the IPv6 infrastructure is being deployed, the existing IPv4 routing infrastructure can remain functional and can be used to carry IPv6 traffic. Examples of IPv6 tunneling mechanisms are 6in4, 6to4.

"

The 6in4 stuff is the "protocol 41" according to 6in4 - Wikipedia, the free encyclopedia

Generally speaking if you have setup a "deny + log" rule in the end of your security policy set you should be able to see in the traffic log how the blocked traffic is being identified as.

  • 2021 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!