BWC

Cybersecurity Overlord ✭✭✭

Comments

  • Hi @Auer then Tunnel Interface it is - in my opinion - your mileage may vary. With the policy based routing over the two VPN connections you can control your traffic very granularly. It's clean and simple, but you need two VPN connections instead of just one. Maybe that's an issue if you have your licensed connections…
  • Hi @MikeCM depending on the amount of "custom external" zones I would make a judgement call. If it's not that many then Split DNS is the way to go, IMHO. Don't put the burden of all DNS traffic on your VPN, it'll be probably much snappier for the end users connecting to some resolvers on the internet (Google, ISP, ...). I…
  • Hi @Auer we don't know what kind of VPN endpoint is on the remote side, is it a SonicWall as well? In that case I would definitely go for Tunnel Interface and define two Tunnels, one on X7 and the other on X1, Routing with a better metric primarily over X7 and secondarily over X1. That's clear and simple and IMHO my…
  • Hi @sv7874 I can't think of any option like this, if you have a chance leave the pre-defined objects out of the equation and rely solely on your own custom objects. Just create a "My Firewalled Subnets" address group and throw in everything you like to have, but I don't really like that approach because it might hold…
  • Hi @Tularis this can be accomplished either way, but I believe LDAP is easier to set up because you don't need any RADIUS server in addition. --Michael@BWC
  • Hi @MikeCM that's an interesting question, which IP (Interface) is used for the forwarded DNS queries. In IPv4 Split DNS you can specify a local interface for that, but not for the general DNS proxy. Do you really need to forward ALL DNS requests to your 10.0.1.2 W2K16 server or just for your internal Domain? That's…
  • Hi @arjan you should be good to go with the 5.9.2.13. --Michael@BWC
  • Hi @Robert13 that's a bummer, great that you got it all sorted out. Stay safe. --Michael@BWC
  • 2019 vs 2020, I would go for 2019 anytime, 2020 is a mess, just kidding :) --Michael@BWC
  • Hi @Robert13 it's a bit of a fishing expedition here, but we should start with the basics. Firewall model and Firmware version? Did you check with the event log if there are any events showing which SecurityService might interfere? Did you do a packet monitor to see if any packets got dropped? And the most common question…
  • Hi @Alberto two HTTPS (probably) connections are initiated from 10.40.100.x to 10.5.100.1 and they received RX bytes, which means 10.5.100.1 sent them. --Michael@BWC
  • Hi @Network_123 you checked "Enable HTTP Strict Transport Security (HSTS) for SMA" in your portal settings? I checked with my installation, and HSTS gets properly detected if I'm accessing the correct Virtual Host or Virtual Alias name. For example: Your SMA holds a wildcard certificate *.domain.de and the VirtualOffice…
  • Hi @mrshahin you can upload now and boot later, no worries. --Michael@BWC
  • Hi @mrshahin I saw the same behaviour you mentioned with Google Chrome. I prefer using Firefox when accessing SonicWall Firewall appliances, this worked best for a while now. --Michael@BWC
  • Hi @HIS_Daniel I guess I would go with the Address Group just in case the common name changes over time. --Michael@BWC