Arkwright

Community Legend ✭✭✭✭✭

Comments

  • Both of the networks need to be included in the site-site policies at both ends of the tunnel, otherwise they won't be available. Once you have green lights for both networks, then you can look at adjusting your access rules to suit the access you want to allow. By default the access rules will be created to allow…
  • Then I suggest you post a whiny thread in your switch vendor's forum about the absence of such a feature, then ;-) But seriously, I had a customer with PoE-powered door access equipment who wanted daily reboots due to it being a bit flaky. The switch itself did not have this as a feature, but it was possible to use snmpset…
  • Just put a scheduled reboot on your PoE switch. Problem solved!
  • What's at the other end? If your Soho250 with variable IPs can be the firewall that brings up the tunnel, then just leave it as 0.0.0.0 and set it up with a manual IKE ID, like you would with any other IPsec tunnel with a dynamic IP. If you can get it working like this then you don't need the extra complexity.
  • You need to click the three horizontal lines at the bottom left to make them as similar as possible. Given what you've said so far, I think explaining how to use the CLI to export and import configuration is beyond the scope of a forum thread.
  • No need to create it, it already exists and is called "Default Active WAN IP". But it's no use to you here because you can't use an address object in the Gateway field of a site-site policy. I think you need a dynamic DNS FQDN and to put that in at the other end? Just bear in mind you can have two entries for the remote…
  • I have also setup primary/secondary monitoring IPs in the HA settings, and sometimes the x.x.x.1 gateway plus the two x.x.x.253 and x.x.x.254 will all appear, but sometimes one of those monitoring IPs will disappear from Unifi's ARP table. This isn't necessarily a problem. You'll only have ARP entries on the switch if the…
  • Have you tried the migration tool at mysonicwall.com? If it won't work for you then at least you can use the CLI to export objects from the old firewall and import to new. Failing that, if you really must do it all manually then you can make the SonicOS 7 UI look like SonicOS 6:…
  • Assume you're talking about Global VPN Client here. Second screenshot. As soon as you change it on the firewall it will need changing on the client too.
  • You can put a Sonicwall in transparent mode between the Luxul router and the ISP device, but TBH I think this would be unnecessarily complex and expensive - just move the routing functions from the Luxul router to the Sonicwall and dispense with the Luxul. I know nothing about Luxul, perhaps there is some feature or…
  • Use routed mode. One tunnel per pair of WAN links. Or fill in both public IPs on a "normal" site-site tunnel.
  • Usually one end or the other will say in the logs what exactly doesn't match between the two configurations. If you're getting INVALID_ID_INFO then configure manual IKE IDs at each end, eg choose Domain Name and choose some random string for each side.
  • You haven't mentioned access rules at all. So, is there an access rule that would allow this traffic?
  • I think in this instance the "loopback" interface on the Sonicwall could be substituted by means of a NAT policy. This is what I do with routed subnets where no IP in that subnet actually lives on an interface of the Sonicwall - there are simply some inbound and outbound NAT policies referencing an IP from the subnet. The…
  • You don't necessarily need to disable NAT, your requirements would determine that, not them. There is not enough information in your post for us to tell you exactly how to configure your firewall. What we have is an overview, mentioning some protocols and concepts, but without specifics. I think you should ask them for a…