Arkwright Community Legend ✭✭✭✭✭
Reactions
Comments
-
Before upgrading, always take an on-box backup [and export a backup]. That way you can roll back to a previous version much more easily. Not trying 7.1 until everyone else has had a few months to find all the bugs first :D
-
If your provider won't change the WAN-side addressing, then you will either have to change your LAN side addressing or change provider. If you absolutely must use this provider and use 192.168.1.0/24 on your LAN, then put in another device between the Sonicwall WAN and the provider modem to handle the DS-Lite bit, that way…
-
You can expect more and more of it as v4 IP addresses run out - private v4, global v6.
-
One thing to bear in mind is that you don't have to specify every field when creating something. E.g. don't bother trying to come up with a UUID. Sometimes you can collapse the multi-line items into one line with some keyword, something like 'brief' on the end but I can't remember what it is... Attached is an example of a…
-
Create some network monitor probes on your firewall to ping some things on your LAN that have static IPs. At least then, when you can get back on to your Sonicwall, you can see what the Sonicwall thought was happening on your LAN.
-
You can do pretty much everything from the CLI. If you're not sure how to do it, create one in the web interface first, then show the config to see what you did. Just bear in mind that the Sonicwall CLI can be maddening and inconsistent, but it is better than not having a CLI at all.
-
You have two of the inbound port translation NAT policies added, right? So what exactly are the parameters for the third one that you cannot add? If you carry on adding policies in the way you have then I don't see why there would be a problem. On the WAN>LAN access rule, you can just add all the services to a service…
-
If your error isn't really about the port numbers [I cannot believe the firewall will let you add TCP port 99999 as a service] then it's something else about the policies that overlaps. Post some actual screenshots.
-
I suggest you just give up and change your LAN subnet to anything other than 192.168.1.0/24 :D Are you sure you have DS-Lite? Never used it myself but everything I read implies that you do not get a v4 address on your WAN side with DS-Lite, that's handled by the tunnel:…
-
The OP has not specified what the "relation" between the two public IPs is. If the additional IP is in the WAN interface subnet, then no static ARP entry will be necessary, simply creating a NAT policy will cause the firewall to respond to ARP for this IP.
-
Check "Enhanced audit logging" setting on Management page. You can generate extra log entries with this setting [NOT in the Audit Log section] and this is off by default.
-
Per the TZ400 spec sheet, 900Mbps is the upper limit for IPsec traffic. If you are inspecting the VPN traffic with other services as well, you can expect lower throughput.
-
Bandwidth management is done on access rules. You will need to enabled Advanced BWM to this. NAT policies are used to map different networks to different public IPs.
-
I wasn't expecting your post to be anything like this, given the title :D If your issue is that the connection is unstable, then in my experience, Global VPN Client handles this scenario much better than Netextender does.
-
A diagram might help here. I think you might be saying that there is some kind of CGN going on with one provider and for the firewalls to reach each other through that provider you have to use the private IP rather than the public? Is that right? Do you really mean X0? Private static IP on X0 is totally normal as it can…