Arkwright Community Legend ✭✭✭✭✭
Reactions
Comments
-
The most straightforward way to do this would be to create a new zone for each one and put them all in their own zone. Create access rules to allow the traffic you want. No rule = no traffic allowed. Yes, you could achieve what you want by leaving them all in the LAN zone and creating the appropriate rules, but going…
-
Yes, I am familiar with the web interface, the point I was making is that physical monitoring of a virtual interface doesn't - on the face of it - make any sense.
-
You wouldn't be able to manage the firewall on those IPs any more. I am not sure what the meaning of "physical" monitoring of a VLAN is.
-
Did you do what I said in my first post?
-
Generally speaking, no, you can't configure overlapping IPs on SonicOS. From your diagram it seems like you are wanting to use the Sonicwall as a switch. Two possible approaches: Use multiple physical links on the Sonicwall and have a portshield group for each tenant Configure the VLAN subinterface in "Transparent IP…
-
What could be the wrong with this setup? Giving the AP the same IP as the firewall will prevent anyone from getting out to the internet.
-
If everything is already allowed then another allow rule isn't going to fix anything.
-
Find the IP address of the two devices, start a call and leave it running whilst checking the Connection Monitor. Filter in the monitor on the IP of the phones [I am assuming we are talking about hardware phones here]. Look in the connection monitor for connections that have TX bytes and 0 RX bytes [or vice-versa]. Those…
-
AFAIK, "cache add cleanup drop the packet" is when the connection was closed but one side or the other keeps talking. The further responses are dropped, because the connection is gone. Are you monitoring quality of this connection? Is it likely that this is caused by serious jitter? When you say "use the VPN client" do you…
-
What is the mean policy drop? which one policy droped? where? That's a very good question, and not even specific to this management issue. Even a UUID of the rule that dropped it would be a start! On calls with Sonicwall support where they themselves have been trying to troubleshoot this, they couldn't give an explanation…
-
The less certain you are, the more overlap you will need between moving services to new WAN and cancelling old ones. Regarding the connection monitor: only traffic that is allowed will ever appear in there. So don't take lack of a connection in the list to mean that nobody is trying. If something is trying and they are…
-
MTU?
-
It makes sense to me - the management interface of the firewall should be protected to the fullest extent possible, and having to explicitly enable management on an access rule, in addition to enabling management services on the interface, is a price worth paying. Although usually enabling management creates the access…
-
There must be something different in the developer tools network trace between the page load working fine on one line and loading slowly through the Sonicwall. This is your best hope of tracking the issue down.
-
If Sonicwall don't implement this feature themselves then your only hope would be to write your own tools, for example, using the API.