Arkwright Community Legend ✭✭✭✭✭
Comments
-
syslog is not encrypted so you can determine the format PDQ with a packet capture.
-
If you had answered BWC's question about who is a member of SSLVPN Services then you might have this working by now. Having said that, I assume that SonicWall support would have had time to check this in a 2-hour call so maybe it's not that simple.
-
The above could work but you would end up with everything in the 192.168.3.0 network using it. If you want more fine-grained control over who uses the site-site as a default route, then you need a tunnel-mode VPN with static routes, and NAT policies at the TZ500 end to NAT the traffic appropriately.
-
An annoying aspect of this is that if I start/stop a packet capture from the firewall [I cannot see how to do this in NSM], this causes a "config out of sync" event requiring manual resync of the firewall from NSM. This is without changing any parameters in the packet capture. It seems to me that this product was not very…
-
Feb 2024 - diff seems to be more useful after an update to NSM. Created an address object, reviewed diff and the diff contains the address object, and the SSO agent key has changed, but I definitely did not touch the SSO settings. So it's not perfect, but at least it is not now in random order and completely useless like…
-
That looks a lot like the OPNsense GUI; presumably this Grandstream is using the same IPsec implementation. Given that you have given us a screenshot of 30+ different fields, I think you should at least list all the ones you don't understand as nobody is going to reply to this post explaining all of them. And probably…
-
Configure a packet capture, tick "Dropped packets only" and filter on the management traffic of interest. Attempt connection. Refresh the capture, check the dropped reason code [if any].
-
The short [but not very insightful] answer is "because that's how it's designed". The things that you can do from NSM are a subset of the things you can do directly from the firewall UI.
-
"where would the frame size for UDP Traffic be defined?" It isn't defined as such, it's determined by the payload. If you use some noisy application that adds lots of X-something headers to the packets then they will be bigger. The general advice if you have SIP packets getting near to the MTU would be to switch to SIP/TCP…
-
I know nothing about SRX5308 but it could be the case that you have triangular routing with multiple gateways in each network. SonicOS will not like this. https://community.sonicwall.com/technology-and-support/discussion/5110/layer-3-switch-inter-vlan-routing-with-tz400
-
Maybe SonicWall support team aren't allowed access to Reddit :D
-
Confusingly, "Command Line Interface" is actually part of the name of the tool. The Linux version seems to be a different implementation with different options. So, the documentation is technically correct in that the specific bit of software called "NetExtender Command Line Interface" [NECLI] isn't available on Linux. But…
-
You just said "some VLAN", you didn't say which one. Your screenshot showed the object "VLAN-10" in a route policy, so I assumed that's the one you were asking about. Anyway, a route policy to send traffic from one or more networks isn't going to look too different to what I suggested, so I am sure you can work it out.
-
It works absolutely fine from the CLI, been using it for years.

    netExtender --help
    NetExtender for Linux - Version 10.2.817
    Copyright (c) 2020 SonicWall
    Usage: netExtender [OPTIONS] [server[:port]]
      -u, --username=USERNAME
      -p, --password=PASSWORD
      -d, --domain=DOMAIN
      -t, --timeout Login timeout in seconds (default is 30 sec)…
-
Is this the question? "I always need some VLAN need to access the internet VIA 2nd internet" If so, let's assume that your second internet is on X2. Create a route policy with Source "VLAN-10", destination of Any, interface X2, gateway "X2 Default Gateway".