Arkwright Community Legend ✭✭✭✭✭
Reactions
Comments
-
I might be insulting your intelligence here, but "No link"? Never going to work so long as there is no link!
-
This isn't something you can enforce firewall-side, if the client re-requests the same IP then the Sonicwall will oblige if it can. Might be easier to leave everyone on DHCP, then out of hours every evening change the firewall LAN IP to a new subnet, and then by the morning all clients will have new IPs ;-)
-
Start your own thread, your question is completely different to this one.
-
you simply maintain it. So long as you don't include keeping it up to date in your definition of "maintain" 😉 I understand @samaj's frustration - why do Sonicwall [or anybody else] ship anything with bugs in? But unfortunately, that's simply the reality of modern software. Millions of lines of code, tens or hundreds of…
-
It literally doesn't matter what the complaints are, if you've just installed a firewall but haven't put up to date firmware on it then you are entitled to some share of the blame.
-
What do you mean by "BGP assigned public IP address"? BGP is a way of exchanging routing information, not assigning IPs, right? I feel like your real question is, how do I bind a VPN policy to an IP that doesn't belong to an interface?, to which I think the answer is "you can't". Even though all vpn traffic goes out from…
-
The ports themselves can be pinged, but the devices and clients behind them not. The "Allow Management Traffic" option is specifically to handle traffic to the firewall. I wouldn't expect this to work when the destination is not the firewall, although it might.
-
Is anything actually not working? I saw this too, and when someone pinged between one of the "down" tunnels, it came up and all was OK. I would think "keep alive" would avoid this micro-issue, however.
-
Hackers try stuff all the time. It's their job. Your job is to allow the minimum possible level of access and keep your systems updated. For example, if you have GeoIP filtering licensed and your user base is in a known list of countries, then restrict public access to SSLVPN services to that list of countries. If you've…
-
@apanchal697kwt I have never seen a failover without some corresponding event in the tracelogs. The events may not say why, but at least they will say that the firewall transitioned from one state to another.
-
[not sure why it let me post an empty response, and there's no delete button]
-
There's not enough of a question here to give a useful answer to.
-
Yes, it's possible to only allow specific services across VPN.
-
One of customer's users had this issue with SSLVPN and they had to ask their ISP to disable adult content filtering. The ISP seemed to assume "access to a VPN" = "bypassing content filtering".
-
our login page is customized to the point where it is not recognizable as a Sonicwall product. See, I wasn't going to bother with an elaborate reply originally, but you've forced my hand :-) I don't think it's reasonable for Sonicwall to commit to keeping the page structure/resources/POST destinations/etc identical between…