Arkwright Community Legend ✭✭✭✭✭
Reactions
Comments
-
What you're describing is pretty normal for SSLVPN, unfortunately. If you want better performance, use Global VPN Client. If you must use NetExtender and want better performance then you need to use a dedicated SSLVPN appliance or VM.
-
Firewall sizing is not easy, unfortunately. A "this number of devices" firewall isn't particularly meaningful given that there is no such thing as an "average" device. What you need to size the firewall is to know how much throughput you want to attain and how many of the services will be on. The spec sheets from Sonicwall…
-
Not just address objects, I went crazy trying to find a local user on Gen7, name starting with 'a', who just was not there, but I couldn't create him because he already exists. Sorting alphabetically showed some a's first, but not this guy. It wasn't until I scroll-scroll-scrolled to the bottom of the list, then sorted,…
-
https://www.sonicwall.com/support/knowledge-base/how-to-configure-access-rules/210531012212553/
-
If the LAN users really are getting IPs from the Comcast modem, then this is very unlikely to be a Sonicwall issue. You would need to have bridged X0 and X3 on the Sonicwall for this to happen.
-
Just to be clear…when you say "the router" are you referring to the Sonicwall? Or an upstream router?
-
If you want to ask the firewall the state of the connection, then yes, you will always have to authenticate one way or another. If you want the firewall to push a message to you instead… Configure Failover & LB to probe something reliable on the internet [eg pinging 8.8.4.4]. Configure the logging category for this to send…
-
Have you tried googling it?
-
I know this is not the answer to your question but I suggest you disable this IPS alert entirely. ICMP echo is not a threat and these events are just noise. If you want to specifically exclude this device: Intrusion Prevention > Signatures > [edit the signature] > Excluded IP Address Range
-
Global VPN Client can do this and is faster than NetExtender.
-
I don't recommend portshielding, as all switching functions are done in software I don't buy it. There is a switch chip between the SOC and the ethernet ports. Everything that can feasibly be offloaded to the switch chip, will be. Even in the unlikely case that it is all done on the CPU, it is not relevant in this case…
-
Add X0 and X8 to the same portshield group. Then you can use either or both in the same network.
-
I've used the migration tool many times to do gen6-gen7 migrations and cannot recall any specific issues caused by the tool.
-
SSLVPN→LAN and LAN→SSLVPN access rule. Do the SSLVPN users have permissions to the LAN? This set per-user and/or per-group.
-
I wish every firmware release got a post from an official rep on here.