Arkwright Community Legend ✭✭✭✭✭
Comments
-
Try disabling SSLVPN service, does the problem go away?
-
Funnily enough, yours could be the fourth thread with posts in this month from different gen6 users with rebooting firewalls: My guess is this SSLVPN vuln that was patched recently.
-
What is uptime on here? These log messages look like your firewall is rebooting.
-
This is a total aberration from SonicWall, their customers have to pay to get the solution to a problem they created themselves.... Did you upgrade to 6.5.4.15 without support in place? In that case, your users only have you to blame for ending up in this position.
-
If you want the traffic to be encrypted, add it to the VPN policy at both sides [Both sides of the VPN need to agree on which subnets are in use, for this to work].
-
Update the firmware.
-
I don't think PortShield works for WAN interfaces but there are some other modes. L2 bridge mode might work, but I suggest you test it to make sure it behaves in the way you're expecting. https://www.sonicwall.com/support/knowledge-base/configuring-layer-2-bridge-mode-in-sonicos-enhanced/170505396170557
-
No expert in gaming here but I would think they have SSL MITM countermeasures in place to prevent the use of tools for cheating, so games may not work with DPI-SSL.
-
And we already told them that the possible root cause is due to unlicensed. This is unlikely - it's possible that Sonicwall "accidentally" a bug to encourage you to buy licenses but this would be pretty underhanded behaviour. The more likely explanation is the SSLVPN vulnerability; tWebMain is [I believe] responsible for…
-
The short answer is "no". Why do you need two physical interfaces in the same network? Is this for redundancy?
-
Multiple subnets in VPN policies with different levels of access control is bread-and-butter stuff for SonicOS. I am guessing here, so I think a diagram might help, but did you ask the third party to create a static route so their replies go the right way?
-
Main office firewall VPN policy needs to listen on WAN Zone [this is default]. Remote offices need to have both IPs added to policies.
-
Interesting response there - they're suggesting you get the firmware from some random on the internet? In any case, if the firmware is corrupted, then you need to be prepared for the possibility that the configuration is also kaput. Hopefully a lesson about taking backups has been learned here.
-
IME you cannot get the firewall to listen for IPsec on anything other than its own interface IPs. Surely the extent of Sonicwall support's advice was not just "should fix that"? I know they're pretty bad, but not that bad… Why wouldn't you just use a single VPN tunnel, with the appropriate ACLs in place to control what…
-
This would specifically be about the server. For example, if the server has an IP address in the X0 subnet and is not using the Sonicwall as its default gateway, then GVC clients with IPs from the X0 subnet will be able to reach it. NetExtender clients with IPs from the SSLVPN pool will not, because the server will not be…