BWC Cybersecurity Overlord ✭✭✭
Comments
-
Hi @austex_aec I strongly advise against the single DNS record for both lines, because it's somewhat unpredictable on which line the user will end up. And in case that one line goes down, the users will probably end up not having a chance to connect because there is no failover on the other line. I suggest to get a SAN…
-
Hi @Alberto if you wanna allow LDAP to all hosts in the domain *.multicertify.com you will be out of luck, this is where IP based Access Rules and Name based requirements drift apart. The FQDN cannot hold the whole multicertify.com zone, you need to define all server names as one object or define a network object if they…
-
Hi @Nick you need a NAT rule LAN -> Original, X1 IP -> Original, Ping -> Original and an Access Rule which allows LAN -> WAN from LAN net to X1 IP and the important detail here is to mark this rule as Management Rule, without that check it'll not work. Same goes for X3 as well. --Michael@BWC
-
Hi @Trevor I did not have a chance to send any serial numbers over to @David W, but the 10.0.9 appeared this morning on my MSW account. --Michael@BWC
-
Hi @kboyle if the Firewall is filtering traffic due to one of the security services (Gateway AV, Application control, etc.) there is an exclusion option in all of them, just add your email scanner in it and you should be good to go. Usually I like to have only IPS activated for SMTP which is forwarded to an email appliance,…
-
Hi @Trevor I can't see it either. Maybe it's released in some other dimension: --Michael@BWC
-
Hi @SEBASTIAN I'm glad that I could help, had this scenario myself a couple of times. --Michael@BWC
-
Hi @SEBASTIAN why not just add 192.168.2.0/24 in the tunnel, no need for NAT that way. If I get you right, the 192.168.2.0/24 is a transfer net between your router and the remote TZ 500 on X1? What you probably need is a NAT rule on the lower TZ 500 to hide behind the X1 IP if the 192.168.2.33 does not have a route back…
-
correct
-
@mrshahin just have a look here. It's not really straightforward, but you can go with 5.9.2.13. --Michael@BWC
-
Hi @mrshahin you can shoot straight to the latest firmware in that case, just upload the firmware on the active unit, it will automatically be transferred to the standby unit. There was a report on possible problems with a 3650 HA setup, maybe you should have an extra eye on that. As always, export your settings first and get…
-
Hi @Ajishlal may I ask why you're posting these lists so regularly? It's a SonicWall Community after all and should be focused around that, IMHO. At least this post covers a SNWL flaw :) Anyone who is interested in the latest CVEs can consult https://cve.mitre.org or follow @CVEnew which seems more efficient. Just my € .02,…
-
Hi @ydahn I did some digging on the appliance and it seems that it is powered by Apache/2.2.34, don't know how much modified or just vanilla. I also found a reference to lighttpd, but this does not be involved anymore. It's pretty easy to explore if you can extract the initrd.gz from the cf/firmware directory :) It's heavily…
-
@SonicAdmin80 that's weird, double checked, no 10.0.9 for any ESA appliance or Windows, maybe it's the way how MSW shows me that I can't use it anyways :) --Michael@BWC
-
Hi @SonicAdmin80 I took the same approach, TZ 400 at home is running OK so far, updated only customer appliances which are actively using SSL-VPN. But no HA deployments, @B4zza raised some concerns. --Michael@BWC


























