BWC

Cybersecurity Overlord ✭✭✭

Comments

  • Hi @Trevor usually within one hour the LDAP users should be imported into the usermap.xml. You can find the frequency setting at 'Manage -> System Setup -> Server -> LDAP Configuration', look at Global Configurations. To check if your usermap.xml is current you can download it at Manage -> System Setup -> Server ->…
  • Hi @Connex_Ananth I'm a bit out of ideas at the moment, I only get the mentioned error message when Group Technical is not a member of SSLVPN Service Group. Your above screenshot showed the other way around which will not work. But you mentioned that you tried both ways, then you should be golden though. --Michael@BWC
  • Hi @Connex_Ananth I double checked again and all the instructions were correct. You're still getting this "User doesn't belong to SSLVPN services group" message? Your user authentication method is set to RADIUS + Local Users? Are you able to login with a browser session to your SSLVPN Port? If not, what's the error…
  • Hi @Connex_Ananth just to be sure, you've put your Sales and Technical as members to the SSLVPN Service Group? It seems the other way around which is IMHO wrong. Another option might be to have a Filter-ID SSLVPN Services as 2nd group returned, then your users will be able to use the SSLVPN service. --Michael@BWC
  • Hi @Connex_Ananth finally a Radius related question, makes me happy, I thought I'm one of the last Dinosaurs using that protocol, usually on SMA but I tested on my TZ for ya. First, it's working as intended. Filter-ID gets recognized, you have to create the group first on the TZ and put this group into the SSL VPN Group…
  • Hi @John_Lasersohn I reset the TZ to factory defaults (R906) and configured the Tunnel Interfaces all over and it still selects both space-separated interfaces, so it's not update related. --Michael@BWC
    in SonicOS 7.0 Comment by BWC January 2021
  • Hi @JD1995 you could either use a wildcard certificate *.example.com or a MDC with multiple SANs (vpn.example.com and vpn1.example.com), in the long run I always went better with a wildcard to cover multiple portals. If you wanna stick with single host certificates you need to create a 2nd portal with the dedicated…
  • Hi @DOtero a CSR usually never comes with the private key, because a CA does not and should not have your private key, ever, ever ever ever <just wanna make my point here :)> You can only have one certificate active on the appliance, but SAN certificate is fine. You need to import the certificate chain and the issued…
  • Hi @SWuservpn as long as you're not tagging on the Firewall (by using Virtual Interfaces) you can completely ignore the VLAN-IDs. The traffic will leave the firewall untagged. Does not matter though if it's somewhat VLAN2 on the firewall and VLAN1 on the switch. --Michael@BWC
  • Hi @Enzino78 I'm only doing some calculation here, but 3x PoE+ results in 90W (3x 30W max) output, which should be driven easily by the 180 W external power brick that comes with the unit. --Michael@BWC
  • Hi @RedNet I'm still waiting for the customer to have this unit deployed, got postponed due to the holidays etc. But in my opinion there is no real show stopper. Waiting for another unit for the next location, but stock seems a bit short. No real world values for you so far, but I do not expect any real enhancement over…
    in SonicOS 7.0 Comment by BWC December 2020
  • Hi all, another gem I found is related to VPN Tunnel Interface names and Routing policies. If the interface name consists of a term of two or more parts separated by space it cannot be selected separately any more. All interface names starting with the same term/word will be selected at once, so choose wisely. You can…
    in SonicOS 7.0 Comment by BWC December 2020
  • Hi @Vanguard but any user can assign a static IP and therefore should not be trusted, IMHO. But of course a valid technical possibility. --Michael@BWC
  • Hi @Phil_G to figure out what's going on, you should start a Packet-Monitor on both sides for ICMP (ping) with Destination Address on the remote site which you're pinging via SSLVPN from the local site. Then you should see if the echo request reaches your remote site. You should make sure that your routing policy covers the…
  • Hi @shiprasahu93 I was not a participant of the Gen7/TZ Beta program, but I'll keep away from the P-Release on my retail units though. Which is a bit odd, because in the past I could install Beta releases on Retail units. If @Saravanan does not have any more information about the different flavors like Maintenance, Early and…