Arkwright Community Legend ✭✭✭✭✭
Comments
-
I can't tell you exactly when this was fixed on Gen6 but I do remember this issue and I know it went away after an update. 6.5.4.7 is pretty old anyway, there will be plenty of other reasons to update too.
-
Just turn it off completely. You cannot act on it, so no point alerting on it.
-
Not quite... that packet capture almost certainly shows that 41473 is a source port, i.e. it is randomly generated by the client. Source ports are irrelevant to access rules 99.9% of the time. So the packet is probably dropped because the destination IP does not match. I see an RST in there, the Sonicwall removes the…
-
Tick HTTPS management on the interface. Make sure WAN -> WAN access rules allow HTTPS management from where you want to manage it - for security reasons you should keep this list as small as possible.
-
In what firmware version was support for TLS 1.3 license manager connections added?
-
That's correct. I suggest you test this first before celebrating, however. There may be some wrinkle with how this POS software expects the L2 aspect(s) of this connection to work. E.g. there may be some non-IP traffic that GVC doesn't carry. I'm just guessing here though, I don't understand the L2 requirement in the first…
-
No, I specifically mentioned GVC because it can [or will by default? Can't remember] assign the client an IP out of the firewall's X0 subnet.
-
POS, indeed! No, Sonicwall cannot bridge L2 networks across L3. If the POS system is Windows, you could install GVC on it and "get" an IP from the 1st location subnet. It would then be "in" the same subnet.
-
Ping to what? I use NetExtender regularly, and ping to things on the network I am remoting in to works fine. I don't recall trying to ping the firewall itself over a NetExtender connection, however.
-
You can't use the firewall to protect your LAN from the NAS if you plug the NAS's LAN port into your LAN. You need to use only one port on the NAS, connected to an interface on your Sonicwall configured with zone DMZ. Configure LAN -> DMZ and WAN -> DMZ access rules with the bare minimum of allowed services required. You…
-
I am reluctant to reply to someone who gives no hint of having googled the question they're asking, but here you go... https://www.sonicwall.com/support/knowledge-base/how-to-migrate-settings-from-gen6-to-gen7-firewall/230610111734153/
-
The client randomly generates the source port. The port is not "open" in any meaningful sense. It will not accept new connections from anywhere, it will only accept packets from the destination host:port. This is not specific to RDP, this is how TCP works.
-
If the thought of all the click, click, click needed to add 50 probes bores/terrifies you, use some other tool to create text config and CLI to apply it. You can generate email alerts from network monitor probe state. But this would only work if the client device responds to ping. There is no distinct log category for DHCP…
-
If you want individual IPs on X1 for each firewall, set them at HA -> Monitoring and tick Management on them.
-
Whenever I have seen this, it is because my password manager is filling in one password field [but not both, thankfully] for the user with my password. This is not a Sonicwall issue!