Arkwright Community Legend ✭✭✭✭✭
Comments
-
IME iperf performance will always equal or exceed speedtest.net. If you are getting those figures with speedtest.net then that means you're probably not maxing out your links with other traffic, so you should be able to get that with iperf as well. I am out of ideas, unfortunately.
-
I know spec sheets should be taken with a pinch of salt but 2650 is specced for 1.3Gbps of VPN throughput so 300Mbps is way low. Also, it should be great out of the box, no particular tweaking required. What is internet performance like? Check the system monitor, what are CPU and WAN interfaces doing when you are testing?…
-
Check @mitatonge's screenshots in this thread, they are all from SonicOS 6.
-
If you have multiple tunnels in an SD-WAN group, then any that are "Qualified" per the link quality parameters you set, will be used. I am not sure how the firewall chooses which link to put any given flow down.
-
OK, you can disregard the bit about triangular routing if this is only a single tunnel.
-
It is quite specifically worded, isn't it? Whether your users have local accounts or are served by RADIUS/LDAP/whatever, whatever generation of firewall, then they should have strong passwords in any case, right? So, like you, this suggests to me a credential leak in some specific versions of SonicOS.
-
A few things that might help: You can see flows in connection monitor. If you have triangular routing, then ICMP and UDP will work but TCP will not. Is this one VPN policy with multiple peers, or are you using multiple tunnel interfaces + route policies?
-
It is possible to co-term services on firewalls to align their end dates, I assume this takes an "average" of the end dates. This won't help you if the end dates are already similar.
-
Are these IPs in the same network?
-
SSL VPN Server settings, "Enable Web Management over SSL VPN".
-
"is there a rule that drops these packets before it reaches the Access Rules" The only "hidden" access rules are the implicit deny rules that block anything that doesn't otherwise match anything else. Given that SonicOS also does stateful packet inspection, there is another implicit "rule" that matches any traffic…
-
You cannot use routed mode with only a single routeable subnet. But if you only need one IP it doesn't matter. With a /29 on your WAN interface you can use the spare IP addresses in NAT policies. As an example, you could have your guest wifi go out to the internet NATed to a different public IP to your corporate networks.
-
You created a WAN>LAN rule and on that block message, the destination was WAN, so your rule would not have applied.
-
If your question boils down to "can I use a /29 instead of a /30?", then the answer is of course "yes". If you're only using one IP ["just ignore the rest"] then the size of netmask is irrelevant so long as you have sufficient quantity of IPs.