u/Mvalpreda

Exchange SE on Server 2025. Certificate expired and renewed it through GoDaddy. Ran through Hybrid Configuration Wizard again and updated to the new certificate. ECP is showing the certificate as valid, but emails that are relayed through that server are stuck. I am seeing a 421 4.2.1 Unable to connect -> SocketError with domain.mail.onmicrosoft.com

Direct Send is turned off, but we do have a connector at Exchange Online for our IP address. This has been working until the certificate was renewed.

I'm guessing I'm missing a step somewhere. Any points in the right direction would be most appreciated.

I have a free license through Mearki CMNA for my MX67 that might be going away soon so I'm starting to look at other gateway devices. I already have an 8-port PoE and 24-port InstantOn switches, so going with the SG1004 made sense to stay in the same ecosystem. I just had a few questions and was seeing if anyone knows....

1. Pretty sure it supports VLANs
2. Does it include content filtering?
3. How good is the IDS/IPS?
4. Do the firewall rules have ACLs? (only allow incoming from certain IPs)
5. Does it do port forwarding? (incoming on port X - translate to port Y)

Appreciate any input anyone may have. I'm sure someone is going to suggest PFSense, but I'd rather not build something myself.

Is there a way on the MX security appliances to only allow incoming connections from say the US, but allow outbound connections to all but a handful of locations?

Want to only allow US connections for client VPN. And yes, do have MFA on VPN (using SAML through Entra).

When I was looking at layer 7 rules, it says to/from on that rule, so I'm guessing it is going to block both ways including established outbound connections.

Appreciate any nudges in the right direction.

Apologies as I have next to no experience with AWS, so I'll probably be using the incorrect terms.....

Have an AWS account accessing an S3 bucket that was set up by a user that has left. We do have access to the account and the MFA so it is not like we are locked out. Want to move that to a distribution list that is seen by multiple people. Is that as simple as updating the name and email address after logging in?

There are a couple of users that need access to the S3 bucket and are sharing the old user's login. I assume I need to set up new IAM users for those users, set up a policy for the bucket, add the users to that policy, then test.

Thanks for any nudges in the right direction.

I am not afraid of a CLI, but I'm barely a Linux amateur. Been trying to do updates on our Ubuntu 22.04.5 system and running into issues. Also noticed our Site24x7 agent has not been checking in - showing down in their portal...even through everything is functional.

I used to just run
sudo apt update && sudo apt upgrade && sudo apt autoremove
and be on my way. Today that is not working at all. This is what I get:

Hit:1 https://repo.45drives.com/debian focal InRelease
Ign:2 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:5 http://ca.archive.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:5 http://ca.archive.ubuntu.com/ubuntu jammy-security InRelease
Ign:2 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Ign:3 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:5 http://ca.archive.ubuntu.com/ubuntu jammy-security InRelease
Err:2 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Could not connect to ca.archive.ubuntu.com:80 (91.189.91.81), connection timed out Could not connect to ca.archive.ubuntu.com:80 (91.189.91.83), connection timed out Could not connect to ca.archive.ubuntu.com:80 (91.189.91.82), connection timed out
Err:3 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Unable to connect to ca.archive.ubuntu.com:http:
Err:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Unable to connect to ca.archive.ubuntu.com:http:
Err:5 http://ca.archive.ubuntu.com/ubuntu jammy-security InRelease
Unable to connect to ca.archive.ubuntu.com:http:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done

87 packages can be upgraded. Run 'apt list --upgradable' to see them.

W: Failed to fetch http://ca.archive.ubuntu.com/ubuntu/dists/jammy/InRelease Could not connect to ca.archive.ubuntu.com:80 (91.189.91.81), connection timed out Could not connect to ca.archive.ubuntu.com:80 (91.189.91.83), connection timed out Could not connect to ca.archive.ubuntu.com:80 (91.189.91.82), connection timed out

Seeing what I might be able to do to get the updates working properly again. Or if there is maybe something going on with Ubuntu. I am located in the US (West coast) so not sure why I would be using the CA archive....but not sure how to change that.

Appreciate any points in the right direction!

EDIT - I'm good now. Used apt-mirror-updater and got a new mirror. Was able to update. Thanks all!