28 Jan 2023

Trend Email Security: Allow Voicemail Messages from Microsoft Teams

Create a mail flow rule in the Exchange Admin Center in Office 365 to allow voicemail messages from Microsoft Teams.


Create this rule:


1. Navigate to Exchange Admin Center > Mail Flow > Rules

2. Click on "Create a new rule"

3. Create a new rule that:

Name: Teams Bypass For Trend

Apply this rule if: "The message type is" > include the message type > "Voice Mail"

and "Sender's IP address is in the range":

13.107.64.0/18
52.112.0.0/14
52.120.0.0/14
52.238.119.141/32
52.244.160.207/32
2603:1027::/48
2603:1037::/48
2603:1047::/48
2603:1057::/48
2620:1ec:6::/48
2620:1ec:40::/42 

Latest Teams IP addresses: https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

4. Do the following...

"Require TLS Encryption"

Then

Choose a mode for this rule: Enforce

Tick

"Stop processing more rules"

5. Click Save


Move this rule above the "ONLY accept Mail from Trend Micro" rule.
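
The ranges in this rule need to track the published list linked above, since a range that is no longer published keeps the bypass wider than it needs to be. The following check is an added example, not part of the original post; `diff_ranges` and `PUBLISHED_SAMPLE` are hypothetical names, and the sample "published" list is constructed for illustration, not current Microsoft data.

```python
import ipaddress

# Ranges copied from the "Teams Bypass For Trend" rule above.
RULE_RANGES = """13.107.64.0/18 52.112.0.0/14 52.120.0.0/14
52.238.119.141/32 52.244.160.207/32 2603:1027::/48 2603:1037::/48
2603:1047::/48 2603:1057::/48 2620:1ec:6::/48 2620:1ec:40::/42""".split()

# Constructed sample of a "published" list (NOT current Microsoft data):
# the two /32 hosts are gone and one documentation range has been added.
PUBLISHED_SAMPLE = [r for r in RULE_RANGES if not r.endswith("/32")]
PUBLISHED_SAMPLE.append("198.51.100.0/24")


def _covered(net, pool):
    """True if `net` lies entirely inside some network in `pool`."""
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


def diff_ranges(rule_ranges, published_ranges):
    """Return (stale, missing) CIDR lists.

    stale:   in the rule but no longer published (bypass is wider than needed)
    missing: published but not in the rule (voicemail from there gets filtered)
    """
    rule = [ipaddress.ip_network(r) for r in rule_ranges]
    published = [ipaddress.ip_network(r) for r in published_ranges]
    stale = [str(n) for n in rule if not _covered(n, published)]
    missing = [str(n) for n in published if not _covered(n, rule)]
    return stale, missing


if __name__ == "__main__":
    stale, missing = diff_ranges(RULE_RANGES, PUBLISHED_SAMPLE)
    print("remove from rule:", stale)
    print("add to rule:", missing)
```
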

11 Dec 2022

Starlink with Meraki SD-WAN

Customers using Starlink can run into issues with Meraki SD-WAN if they use 192.168.1.0/24.

The Starlink router uses 192.168.1.0/24 for the local LAN subnet.

If your office uses 192.168.1.0/24 as well, this will cause issues for SD-WAN and VPN traffic.


Prior to version 15.44 you could have the WAN subnet the same as a subnet on the SD-WAN; the route on the SD-WAN took preference.

After 15.44 the traffic would go out of the WAN port and get lost.

This issue was fixed again in 18.0.2 but requires Meraki support to do a back-end fix.

The best solution would be to change the WAN subnet to a different range, but this has been impossible.

I recently had a Starlink at my office and with the help of support, there is a solution now.

Starlink allows you to bypass the modem, but you must have the ethernet adaptor.


======================================================

To bypass the router, go to the App home page > Settings > Advanced

Starlink App version must be at least 2.0.19 to work

Turn the toggle button on to bypass the Starlink router.

This allows you to completely disable the Starlink Wifi Router.

You would need to utilize a Starlink ethernet adapter in order to plug in your own equipment.

While Bypass mode is enabled, router commands will not work.

If the toggle switch does not appear in the Settings tab, you can factory reset the router and/or delete and re-download the app.

App Message in red text when Bypass is enabled: "Bypass Mode will completely disable the built-in Starlink Wifi router. this is an advanced feature that requires a Starlink Ethernet adapter and your own network equipment. A manual Factory reset will be required to reverse this."

==========================================================


As an interesting aside, my voice MOS scores changed from 4.4 to 4.2 when using Starlink, and packet loss was about 1%.

How to change the Starlink subnet.

27 Oct 2022

Exchange Online Basic Auth Deprecation



Estimated start time: October 25, 2022 11:00 AM

Affected services: Exchange Online

User impact: If action is not taken, users with Basic Authentication enabled for the affected protocols will be unable to sign in.

Action needed:

Today, we started to disable basic authentication for any protocol not opted-out prior to September 30, 2022.

For more information see the “Basic Authentication in Exchange Online - 7 Day Notice” notification in Message Center.

If you need to re-enable a protocol, you can do so once by following the process here.

Additional diagnostics

Please verify your clients are using clients configured with Modern Authentication.

Outlook 2013 – Office 2013 client applications utilize legacy authentication by default. Users may need to update their registry to fully enable Modern Authentication. Please reference this document for more information.

Exchange ActiveSync – Users may need to remove and re-add their account to fully switch to Modern Authentication on mobile devices using EAS protocol.

POP/IMAP clients – If your POP/IMAP clients or apps are unable to connect, you might need to change your email client to one that supports Modern Authentication (Outlook does not support Modern Authentication for POP/IMAP accounts), or switch to Outlook on the web. You can use your browser and access Outlook on the web via https://outlook.office.com.

19 Aug 2022

Blocking ICMP

DON'T BLOCK ICMP (maybe rate limit!)


Since setting up IPv6 networks, ICMP has become more important.

Most IPv6 test sites test ICMP connectivity.

ipv6 test


I have found this one to be very important

ICMPv6 (Type 2, Code 0): Packet Too Big

This is essential for Path MTU Discovery.


IPv6 routers do not fragment packets like IPv4 routers did; they just send back Packet Too Big and the sender needs to adjust. These messages need to get back to the sender!


Also, IPv4 used ARP for Layer 2 to Layer 3 mappings.

But IPv6 uses ICMP for:

Router Solicitation (RS) (Type 133, Code 0)
Router Advertisement (RA) (Type 134, Code 0)
Neighbor Solicitation (NS) (Type 135, Code 0)
Neighbor Advertisement (NA) (Type 136, Code 0)
Redirect (Type 137, Code 0)

These should be permitted in the network but not outside.
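
The policy described above, written out as a small filter model. This is an added example, not code from the original post; the names `decide` and `TokenBucket` are hypothetical, and exempting Packet Too Big from the rate limit while rate limiting all other ICMPv6 types is an assumption of this sketch.

```python
import struct

PACKET_TOO_BIG = 2                     # must reach the sender (Path MTU Discovery)
NDP_TYPES = {133, 134, 135, 136, 137}  # RS, RA, NS, NA, Redirect

# Constructed sample messages (checksum left at 0; it is not validated here).
PTB = struct.pack("!BBHI", 2, 0, 0, 1280)      # Packet Too Big, MTU 1280
RA = struct.pack("!BBH", 134, 0, 0)            # Router Advertisement header
ECHO = struct.pack("!BBHHH", 128, 0, 0, 1, 1)  # Echo Request


class TokenBucket:
    """Rate limiter: `rate` tokens per second, bursts of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


def decide(icmp_bytes, crossing_border, bucket, now):
    """Return 'accept', 'drop' or 'rate-limited' for one ICMPv6 message."""
    if len(icmp_bytes) < 4:            # header is type, code, checksum
        return "drop"
    msg_type, _code, _checksum = struct.unpack("!BBH", icmp_bytes[:4])
    if msg_type in NDP_TYPES:          # permitted in the network, not outside
        return "drop" if crossing_border else "accept"
    if msg_type == PACKET_TOO_BIG:     # assumption: never rate limited
        return "accept"
    return "accept" if bucket.allow(now) else "rate-limited"


if __name__ == "__main__":
    bucket = TokenBucket(rate=1, burst=2)
    for name, msg in (("PTB", PTB), ("RA", RA), ("ECHO", ECHO),
                      ("ECHO", ECHO), ("ECHO", ECHO)):
        print(name, decide(msg, True, bucket, now=0.0))
```
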


I have found a great source of information here

 Should I block ICMP



27 Jul 2022

UBB Bridge Link Firmware Upgrade


SSH to 192.168.1.20 (default)

Username: ubnt

Password: ubnt


firmware

  https://www.ui.com/download/unifi/unifi-building-building-bridge



Should be 

upgrade http://fw-download.ubnt.com/data/unifi-firmware/3134-UBB-2.1.3-2094415b625d477983f2a648b8


Manual Way

wget -O /tmp/fwupdate.bin http://fw-download.ubnt.com/data/unifi-firmware/3134-UBB-2.1.3-2094415b625d477983f2a648b8

syswrapper.sh upgrade2




Default IP

Edit the file /etc/udhcpc/udhcpc

UDHCPC_FALLBACK_IP="192.168.1.20"
UDHCPC_FALLBACK_NETMASK="255.255.255.0"



Unifi L3 Adoption with DHCP Option 43 on pfSense, Mikrotik and others - tcpip.wtf



http://unifi:8080/inform