Arkwright Community Legend ✭✭✭✭✭
Comments
-
Thank you, that is helpful. The site will have to be accessible from other sites and cannot be limited from just one location. That's the default with GVC and SSLVPN - when enabled, it's reachable from anywhere remotely.
-
No responses at all suggests wrong public IP at one end or the other. Does a packet capture show IPsec traffic arriving?
-
NAT policies, specifically the translated source IP. But like I said, the only way I can see this "working" like this would be if the NAT is being done upstream of the firewall. If you are sending out packets with a source IP of your default gateway, I can't see how you will ever get the replies. Maybe someone else can…
-
I should clarify my previous reply: monitor the value of SNWL-COMMON-MIB::snwlSysSerialNumber.0 on the virtual IP address, not the individual management IPs!
-
Just re-read your first post. If general internet access is working for you at all, then this must be the upstream doing NAT. If you had misconfigured your firewall to use the IP of your default gateway as its source IP, then the replies would never get back to you and nothing would work at all - your attempt to browse…
-
Do a packet capture. Do you see packets leaving the interface with a source IP of .9? If yes: it's a config issue on your firewall. If no: whatever is upstream of you is NATing your traffic to .9.
-
If you've created SSIDs in UniFi with VLANs, then whatever the APs are plugged in to needs those VLANs on too. The SonicWall would need VLAN subinterface(s) to serve those networks.
-
Raise a feature request for RFC4638 support with SonicWall. Would be great if you could do that from here but they usually refer you to your account manager for some reason.
-
If you don't know what you're doing then your safest option would be to use TeamViewer or something of that ilk. It's not clear what your actual question is here, or how it relates to this thread.
-
I am pretty sure there was some change in behaviour between versions here. IMO this is not a "workaround" - the management checkbox on access rules surely only means management of the firewall itself, and if it happened to allow other traffic previously, then that was a bug.
-
I think you need two allow rules. One allow rule for management of the firewall itself, destination = the firewall, allow management = ticked. One allow rule for management of the devices on the network, destination = the subnet, allow management = unticked. "Allow management" specifically refers to management of the…
-
Yes, this one really irritates me. Seems ludicrously short-sighted. It's not just that the firewall will generate names over this limit, also it will generate names close to the limit and by the time I add [say] the device name to the file, it's too long. Sure, we can upload files that are hundreds of MB, but can't spare a…
-
No, licenses are not exported with the configuration.
-
Disable and enable stateful sync in the HA settings, see what happens.
-
On the SA(s) that contain(s) your SSLVPN subnet, do you see TX/RX bytes accumulating?