Arkwright Community Legend ✭✭✭✭✭
Comments
-
I think I have completely misunderstood your question, sorry. I thought you meant your WAN IP was DHCP and sometimes the ISP gives you the "wrong" address. If your intention is that the majority of client devices have a fixed IP allocated with DHCP, how about just disabling the dynamic pool entirely? Then when a user with…
-
If your issue is that your firewall should have one specific IP and you want an alert when it gets a different IP, then I would sign up for some external monitoring service and ping your firewall from there. This would alert you when your desired IP stops pinging. This would monitor the quality of your WAN connection as…
-
Use access rules to control access if it's going to be asymmetric. It is better if both sides agree on subnets at either end of the tunnel because otherwise you get noise in the logs every time the VPN renegotiates.
-
As an example, Microsoft cloud stuff refuses to work if you MITM the SSL connection. Given that, there's no way the firewall can get the level of detail about the connection that it would need in order to determine who the tenant is.
-
What does "function properly" mean? For example: GAV signatures will stop updating but otherwise GAV will carry on working? GAV will decide it's unlicensed and cease completely? Cloud backups will stop happening? SSLVPN user licenses will disappear? That page recommends upgrading to "the latest version", but that's good…
-
Logical probing is better because it covers you for a failure further upstream in your ISP's infrastructure. Having it enabled on your backup WAN is still useful because it will log the state of that WAN, giving you information on how reliable that WAN is, that you might not otherwise be aware of with it only being a…
-
Does that VLAN exist on the switch?
-
Do you see the connection attempts in the connection monitor? If you have added the allow rules but it still doesn't work then I am inclined to believe that the issue is not the firewall.
-
The Access Rules were still shown and should have allowed the traffic, Yes! Seen this quite a few times on Gen6. Never worked out what the root cause was but the workaround was to create an allow rule very similar to the automatically created rule that somehow didn't seem to allow what it should. It always seemed to show…
-
Nope, haven't seen this. I would definitely have noticed as I look after many firewalls connected with VPNs, and heavily monitored.
-
Check zones for the interfaces. Create Test -> LAN and LAN -> Test access rules to allow the traffic you want.
-
Just to reiterate, you have 8 public IPs, not 5.
-
Lol, I think there will be a puddle of molten silicon in this firewall at 200 groups, never mind 2000.
-
If the ethertype is unknown then there is nothing your Sonicwall can do with this traffic - it only understands IPv4/IPv6. The destination MAC is "(snap type 01A2) Bay Networks (Synoptics) autodiscovery" - this is not going to be internet traffic, this will be some proprietary management protocol used by that Avaya switch.
-
Assuming your provider is routing this /29 to your "1xx.xx.xxx.xx /30" IP address, then create an address object for the public IP of choice and use it in a NAT policy. If you use the /29 just for NATing rather than routing then you actually have 8 IPs to work with, not 5.