Arkwright Community Legend ✭✭✭✭✭
Reactions
Comments
-
If your firewall has a public [aka 'global'] v6 IP which can receive inbound connections and your mobile provider gives you a global v6 IP then that should work.
-
Using proper FQDNs is your only option if you must leave HTTPS open to the world for SSLVPN and have to pass PCI scans. You might even find it makes your life easier one day when a site change IP address; then you don't have to reconfigure the VPN clients.
-
Well, Failover & LB is combining the ISP bandwidth and it offers different strategies to do this as appropriate, so you're already doing this. You won't be able to achieve the throughput sum of all the WAN links with a single flow unless you do per-packet LB but like BWC says this needs co-operation with the ISP [or some…
-
Are you talking about aggregating VPN or general internet traffic? SD-WAN really applies to VPN, not internet access. Failover & LB features in SonicOS for WAN aggregation have been stable and usable since SonicOS 4. Set the expected throughput on the WAN interfaces and add them to Failover & LB groups as appropriate. Pick…
-
This looks like what you want......except it's asking you to fill them in when you're installing it and doesn't say if it's available as a parameter to msiexec.
-
One reason to keep the TZ500 would be so that you could have a backup WAN at the main office site. Of course it doesn't need to be a TZ500 to do this but as you've already got it....
-
I think you just need to make up a /30 network to use on Colo:X9-Main Office:X?? then set your default route on main office to Colo:X9 IP.
-
Can anyone clarify if the SSLVPN web interface is affected here? This makes a massive difference to how serious this is for our "fleet" - we tie down remote management to specific IPs, but SSLVPN login is available from everywhere [well, select countries, anyway].
-
Don't forget to add the remote subnet to the SSLVPN client routes [or use tunnel all]. And a route back to your SSLVPN client subnet.
-
You didn't say how different. As you are logged into the management interface, then it has to differ by at least 1.
-
Somebody else must be watching because it's been updated now :)
-
I see this was updated today. The "Constraints for SD-WAN Groups" were amended but "Constraints for Member Interfaces" were not.
-
If you want to disable a specific event ID that has been logged recently, you can do that from the log view by clicking on the....two pipes?: But me having to explain this just highlights another pile of WTF that comes with the Gen7 UI - these stupid GUI elements that disappear and reappear as you move the mouse around.…
-
Great stuff.
-
Do the network separation on the device labelled "Access Sw". Domain A goes in one [or more] VLANs, Domain B goes in one [or more] other VLANs. Domain A's VLANs go to the relevant Sonicwall, etc. No need for any L3 capabilities on your switches here, all L3 is handled by the relevant Sonicwall.