Arkwright Community Legend ✭✭✭✭✭
Comments
-
Your NAT policy will need to have the "Translated Source" set to an IP on Site 2's firewall, and "Translated Destination" would be whatever "site2.hostname" is,
-
You can do a NAT policy to handle this but it would be bidirectional NAT in the sense that Site 1 would see the connection originating from Site 2's IP rather than Site 3's. The alternative to NAT is to route the traffic between sites over VPN tunnels, although I think when you say "No access to non-Sonicwall firewall" you…
-
Not just KPN, for sure. I am pretty sure the hardware supports it, so it's just a software thing. You need to ask your account manager for a feature request, unfortunately.
-
If you are seeing random probing attempts to HTTP filenames in the audit log, then that is the SSLVPN server service. Username brute forcing - there are many threads about this on here from April-May, eg
-
It's unlikely that something as apparently simple as inbound NAT [ie, "port forwarding"] would be broken between releases. I suggest you carefully review your access rules and NAT policies, test, check the counters are incrementing on the access rules that you think are in use, then upgrade and repeat. Do a packet capture…
-
Not likely, no. There is nowhere near enough information in your question to get anything other than guesswork responses.
-
"Ask yourself one question….do you feel lucky, firewall administrator?" OK, 7.1 is not quite that bad. We have upgraded a handful of smaller sites to 7.1 but there is absolutely no rush to roll this out any further. If you don't need anything new in 7.1 then I wouldn't bother. In answer to my/your earlier question, yes,…
-
I can confirm that downgrading [in the supported manner, not just, re-upload the old firmware and boot off it with current configuration] from 7.1.1 to 7.0.1 works fine.
-
Post some more details and an actual question and you might get some useful answers.
-
Just bear in mind that FastVue is not a general syslog collector for Sonicwall, it's more focused on user activity reports, etc. If you send syslog to it and want to go hunting for some specific log entry, it's a bit of a struggle.
-
If you're not sure what you're doing, then the AP management needs to be untagged. This will not work if X4 [ie, untagged VLAN] is unassigned. I concur with Preston, it would be simpler to use PortShield.
-
VLAN 200 should be easy - this looks like a straightforward config, so if VLAN 200 isn't working then you probably haven't tagged it in Unifi. Or maybe you didn't create a DHCP scope for VLAN 200. What is the AP's management VLAN?
-
PPP was OK on Gen6 but IME it's a bit flakey on Gen7. For HA, it's always worth using a router to handle the PPP login instead of the Sonicwall. If it's just a backup line then the extra layer of NAT may not be a problem, but if it is, you can ask your provider for a routed subnet.
-
If there is already a DHCP server in each network, then what is the helper going to be doing? Your "real" question seems to be, how can I connect the two networks together? I think you need to take a spare interface on each firewall, connect them together, configure a network between them for routing and create a static…
-
You are never going to get them working. They are licensed features and it hasn't been possible to buy the licenses for nearly 5 years.