Arkwright Community Legend ✭✭✭✭✭
Comments
-
In the tarball there is a script called uninstallNetExtender. Run it, I guess?
-
I don't know what drop code UDP flood protection uses, but that might be worth checking.
-
Also have this issue with HA firewalls. Had to add route policies with a source of "HF Backup X2 IP" and "HF Primary X2 IP" in order to be able to use the additional management addresses. Gen6 "Just Worked" in this regard, no need for apparently redundant routes.
-
You can put interfaces in different zones in L2 bridge mode but have them as the same network [ie, L2] with zone>zone access rules. Not sure how that fits in with "internet traffic of the test clients would go through the Sonicwall." though. It's possible that simply NATing the [untrusted?] clients would work around the…
-
Tallies with my experience, unfortunately. Encapsulating everything in TCP is not a great place to start from for performance, and even the slightest packet loss will degrade it even further.
-
Create a NAT policy that matches the above conditions and make sure it's ABOVE the default NAT rule, otherwise it won't take effect. Observe the hit counter on it when you're testing.
-
I don't think it's possible to have different user groups assigned IP addresses from different networks, but you can still have the access controls you want. Just because a GVC user appears to have an IP address on your LAN, doesn't mean that the firewall isn't restricting what they have access to.
-
"Virtual adapter settings: None" doesn't require DHCP.
-
Does the VPN -> LAN access rule for this traffic have "Allow Management Traffic" ticked on it? I think I had a similar issue and the fix was creating a route policy with a source of Any and a destination of the PRTG server. This was a stupid fix because there was already a more general route that should have matched this.
-
Thanks for this, I will check that they're there after the next reboot. I had actually left this off because of the ambiguous warning about overlapping with other auditing logs.
-
If you have two USB 4G and 2x SIMs then you're paying for 2x SIM rentals, which seems a bit wasteful for a backup-of-a-backup WAN. A vote for 4G ethernet router here.
-
DHCP services are assigned to interfaces. Interfaces are assigned to zones. So don't be looking for DHCP at a zone-level because it doesn't live there.
-
To re-phrase what I said in my first post, Sonicwall SD-WAN is a thing you use between Sonicwall devices over VPNs. It's not relevant for aggregating internet connectivity. It's supposed to be a substitute for MPLS connectivity. Sonicwall also have some YouTube videos about this as well, although I am not sure if they…
-
What I think [thought] the point of the conversation is, that you have to leave the SSLVPN login port open to the world to be useful for VPN clients to connect to. If you don't have a "trusted" third-party certificate in use for the service, then some pen testing tools/services will interpret that as a…
-
I was only talking about SSLVPN here, not site-to-site. Site-to-site is not SSLVPN. Yes, site-site can use FQDNs too. I am not sure it's relevant though, I've never used a certificate for a site-site IPsec tunnel. Once you need more than a handful of SANs then a wildcard cert is more cost-effective and far more flexible.

















