Arkwright Community Legend ✭✭✭✭✭
Comments
-
There is a certain amount of non-volatile logging done to the tracelogs which you can only find by going to /diag.html. For example, when a firewall reboots unexpectedly, the normal log starts at "Initializing…" but in the trace logs it might say something like "watchdog reboot". I should think that unexpected failovers…
-
but you'd have to use separate switches. No, he wouldn't. He doesn't need DHCP in this second network, so having two L3 networks in one L2 network will work, even if it's not the "prettiest" solution.
-
It's a bit tedious to do this on the firewall, but you can configure individual log events to go to email. You can probably also send them as SNMP traps. The "right" way to do it is to send everything interesting to syslog and then use your syslog server to act on events as you see fit.
-
So start a packet capture with .94 as the destination and attempt to connect to it from outside. What do you see?
-
Look at first reply to this thread: If they do not belong to the same subnet as WAN Interface, you can use static ARPs. I assume that as you are NATing 1 IP up from your WAN IP, then it's in the same subnet? In which case, no manual anything with ARP entries is required, simply create the NAT policies and the firewall will…
-
If you connect to the wireless, can you ping 192.168.1.1?
-
This should be pretty straightforward. One thing to watch out for is that even if you have NAT policies for additional public IPs fully configured and working, you will never see those additional IPs in the Sonicwall's own ARP cache, even though the Sonicwall is sending/receiving ARP for those IPs. So don't let that…
-
Will this work, with the only change being instead of just management being available from the 2nd subnet, we want all traffic, as well as Internet access, by changing it to "All" for the service? Have you tried?
-
The player trying to send multicast packets will not be how it reaches the internet, so that is a red herring. Filter your capture to "dropped packets only", filter out multicast destination IPs and try again.
-
Yes, you can use the SFP+ interfaces for LAN, WAN or whatever you choose. Actual throughput you will get depends on many variables and is difficult to predict. I think we can say that NSA2700 will be faster than TZ370.
-
It depends what "inactivity" means. If it means "no packets at all across VPN connection" then the problem you will have is that there is constant background noise of traffic there, even if the user is doing nothing, especially if their DNS traffic is going across VPN. But 5000 hours = 30 weeks. It's more likely that this…
-
"Only" 900Mbps? You will only ever get 940Mbps TCP/IP throughput with 1Gbps ethernet anyway, so they're not missing out on much. Yes, you can use the SFP+ interfaces for LAN, WAN or whatever you choose.
-
It deleted my pre-upgrade backup and now it's not letting me downgrade. Saving a local copy of a backup should be part of everybody's firmware upgrade routine.
-
Have you tried IKEv2? IME, it "tries harder" to keep a VPN alive.
-
This is nothing to do with Zone configuration or access rules. This is going to be something more fundamental, like, you have the different L2 networks connected to each other somehow, so clients can end up with IPs in the wrong network. Are you seeing these client leases in the Sonicwall? i.e., are you sure it's actually…