Arkwright Community Legend ✭✭✭✭✭
Comments
-
Quickest way would be to disable SSLVPN service on WAN zone but you might find this annoys people who are using SSLVPN for remote access. "Major Version" leakage is insignificant IMO. You can simply tell by the colour scheme [for example] whether you're looking at a Gen6 or Gen7 login prompt. If it says "Dell" you can…
-
And even if it's not, AFAICT this CVE is about the management interface, which does NOT need to be reachable from untrusted networks anyway, right?
-
My guess is that Office 2 firewall does not know how to reach GVC IP addresses, in this case 192.168.168.62. The 192.168.168.0/24 [guess] network needs to be part of the site-site subnets for this to work.
-
Identical issue: Fixed with HFGEN6-2333
-
Given that you would be writing the software that invokes the API, then what time it does anything is entirely down to you.
-
> X11 WAN IP "B" <> second public webserver LAN 192.168.1.5? Both pass through X0
Yes. This is a totally normal thing to do and can be achieved with the relevant access rules and NAT policies. Much less inexplicable than Plan A was :-D
-
Users list suffers from a sorting issue too. You can sort alphabetically all you like, but if you haven't scrollscrollscrollscrolled to the bottom of the list before you sort, then you won't get what you're expecting.
-
What APs are you using? Do you have client-client isolation enabled? If they're not Sonicwall APs then client-client traffic is not going to be going through the firewall. If they are Sonicwall APs, I am not sure.
-
You'll find them at Network -> Switching -> VLAN Trunking -> Reserved VLAN Information. They are for connectivity between the internal switch and the firewall CPU. eg, X2 might be mapped to VLAN 2. I think if you don't have a Switching menu then you don't need to worry about it.
-
"Policy not found" is not referring to ACL, it's referring to an IPsec policy, ie, a configured VPN tunnel. Have you got both of the public IPs configured on the tunnel at the other end? From your description, I wonder if perhaps sometimes the IPsec traffic is coming from the backup WAN interface, for whatever reason.
-
FWIW, here are some details on reloading a 'wiped' device from USB. So, TZ570 is Marvell Octeon TX2 CN9130 SOC with a quad-core ARM64 CPU at 2GHz. There is support for some of this hardware in OpenWRT, but your obstacle is still going to be the bootloader, and initialising the switch chip. It probably has a 10G link to a…
-
For whatever reason, Gen7 boxes don't state what CPU they use, whereas Gen6 did. I think you can safely assume that the bootloader is locked and you won't be running any other OS on it. I echo what has been stated above, you will get further by simply selling the TZ270 and buying some unlocked hardware instead if you want…
-
I am just guessing here as it is not explicitly stated, but I think they pair "clients" and "servers" across ports until all ports are in use, and publish the aggregate figure of maximum throughput attained. Whilst this figure might be interesting to some people, it doesn't reflect how I deploy firewalls. Out of the…
-
What type of site-site VPN is it? I seem to remember I had to create an additional route policy with the firewall X0 IP as the source to get syslog [and SSO/LDAP queries] to work over a tunnel-mode site-site VPN. Additional, as in, additional to the route policy for LAN subnets that you would assume would include the…
-
> how do we know if multiple port pairs were tested with the TZ500 vs TZ570?
Because that wording I quoted is on the respective datasheets for the two models.
> also how do we know how many Packets Per Second a Firewall can handle before its maxed out
As Sonicwall don't appear to have published that metric, then you either…

















