Arkwright Community Legend ✭✭✭✭✭
Comments
-
Doesn't look any different to 7.
-
Management services are enabled per-interface [look at checkboxes]. Each one enabled then creates access rules in that zone [look at WAN→WAN access rules]. Other services: SSLVPN, this is enabled in the SSLVPN settings per-zone. Again, enabling creates rules as above. DNS proxy? I am not sure if it's possible to enable this…
-
TBH, it hadn't even occurred to me to just google it! Behaviour in the packet capture looked so odd I thought there was no chance of fixing this.
-
In the "stop paying, and your firewall shuts down after 90 days" business model, I wonder which is more likely: a) Customer thinks "this Sonicwall that I've only had for a year or two already broke! I need a replacement quickly but I'm not buying one of these again!" b) Customer renews their Sonicwall after a short break…
-
"We understand that in some cases our products are being used by smaller businesses who may not be aware of the need to patch or may not understand the steps to take, so we want to ensure that they do not remain unnecessarily exposed to critical vulnerabilities." So this is about on-premises equipment and not cloud services,…
-
Yes, groups are used instead of individual objects, when all members of the group should be treated the same. Which is not to say that blocking IPs that do port scans is a worthwhile use of your time :D
-
"ARKWRIGHT: Thank you for the suggestions about using a second WAN interface. I will check with the network techs at the DC to see if this is an option." This cannot not be an option. The only "optional" bit about it will be if they'll let you use two ports at once or not.
-
You might be able to manually add a static route post-connection to override this - but if that was the case then I would have expected the connected route to take precedence anyway. Windows networking is not my strong suit!
-
"I don't think tunnel-mode VPN would work, because ultimately we would run into the same issue (same tunnel gateway IP)" I think it will - when I need to "mesh" 2x sites together each with 2x WANs, then it's 4x tunnels, each one bound to an interface. But if there's no need for the traffic to use the VPN, then this complexity…
-
What is regular firewall traffic? Connection open/close?
-
No, that's at the firewall end. It's simply NATing all packets RFC1918 when going out of WAN, which is a reasonable thing to do. Your issue is client-side.
-
You can't have multiple WAN interfaces in the same network. So you would have to change X1 to be something else, before assigning X1's old IP to X8.
-
I think you will need tunnel-mode VPNs with route policies to do this https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-tunnel-interface-vpn-route-based-vpn/220428013352773
-
That's pretty odd behaviour. It's not your end doing the port remapping, it's them, so that NAT policy option won't make any difference. The only way you're going to get this working would be to forward port 3479 to the device in question.
-
Firstly, it doesn't necessarily say it is or isn't a firewall appliance here, this might be about cloud services. Secondly, I think they've started a new sales model with the TZ80 where you're "subscribing" to the firewall. Presumably the hardware is going to be cheaper in exchange for greater recurring revenue. So this…