Arkwright Community Legend ✭✭✭✭✭
Comments
-
You need to configure Client Routes as well in SSLVPN [an annoying defect of the SSLVPN implementation, IMO], it's not enough to just allow user access to the network. Can you clarify whether you mean L2TP or SSLVPN?
-
Start a packet capture on the Sonicwall with a destination IP of the public IP that you are trying to NAT. Generate some traffic to that public address from the outside. Does anything appear in the capture?
-
Log -> Reports offers similar functionality. 'Start Data Collection', then you can reset the data collection whenever you like.
-
FWIW, a quick Google suggests that Windows 10 [so I would have to assume later versions as well] ships with tar tools already installed. A quick Google couldn't tell me when this was added.
-
The "problem" is that you don't have software on your machine that can open a gzipped tar archive? I am not surprised that Sonicwall aren't prioritising this, given how trivial it is to work around yourself. Note that there is no inherent security in a tgz file; it's not necessarily encrypted. Unlike the inscrutable…
-
IME, when something odd happens with DHCP serving, disabling/enabling the scope will fix it surprisingly frequently. I have seen this with Gen6 and Gen7 firewalls.
-
Pick a unique public DNS server [i.e. something that client devices behind the firewall aren't using], start a packet capture to that IP on port 53 and re-try your diagnostics. The reason you want a unique DNS server is that the capture would otherwise be overwhelmed with client requests as well as the actual Sonicwall DNS…
-
I can't think of any reason to put your WAN IPs in the VPN subnet. If you have them in there, that would explain why it stops working when the VPN is up.
-
There aren't individual event IDs for up/down, only a single event ID for state transition, so you cannot do this from the Sonicwall. You would have to parse the events with whatever you're receiving them with.
-
Enable ping management on WAN interfaces. WAN>WAN access rules. Edit the automatically-created access rule for this if you do not want it to be pingable from everywhere.
-
On the users, what networks do they have access to?
-
Ah, makes sense. Good catch.
-
Do you have access to logs on the mail server that it submits mails to? From memory, the log is split into multiple emails. Is it consistently the nth one every time or is it random?
-
Yes, that's pretty much it. My suggestion amounts to transferring pretty much the entire configuration of the Sonicwall to the UDM. I can't give you a list of all the steps. I suggest you break it down into tasks and google each one [e.g. setting up DHCP, configuring port forwards, configuring the WAN interface, etc]. At…
-
You can put the firewall in L2 bridge mode, but you're only going to see everything originate from the IP of the UDM. So when something gets blocked, you won't know what it is, just that it's something behind the UDM. You could disable NAT on the UDM [probably, don't quote me on that] and route between the networks, then…

















