BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@RaHorn last time I checked there was no third-party removal tool. You need to deply the installer file for initial rollout, updates can be controlled via Capture Security Center. —Michael@BWC
-
If you edit the WAN-WAN Rules they way mentioned above you will be golden. You can tinker in the internal settings, but I advice against it, due to your newbie status with SNWL :) The option you're looking for "Enable the ability to remove and fully edit auto-added access rules", but there is no need for that in your case,…
-
If you don't want ANY Management Access from the WAN, you might head over to the Network Interface (e.g. X1) and. untick the Management options you dont want. Default Rules can be deleted if enabled by Option in the internal settings, but I would not go that route if not really necessary. —Michael@BWC
-
@JOELA80 remove your custom Rule "Inbound Firewall Management" and just set GRP_WAN_Trusted Management as Source Address for the Default Management Rules. —Michael@BWC
-
@Rinconmike you might do a Packet-Monitor for udp/67-68 and check what DHCP client and server doing. Unrelated I had a Windows system a few weeks back attached to a TZ 400 (Gen6) and it did not accept a new IP. It was asking for the same IP over and over again but it was already occupied by another device. Wireshark is…
-
@Mux1973 don't use it, end of support was 2014. —Michael@BWC
-
The scripts are for NetExtender, having browser triggered scripts would be scary. —Michael@BWC
-
@alijan125 this KB article answers all questions: Long story short, just get a TZ 670 HA unit (different SKU, no license needed) and do the exact cabling for the 2nd unit. Add the S/N of the secondary unit in the HA configuration and you are done (additional steps can be necessary). Optionally you can buy a stateful HA…
-
@Dak_Atlanta the MIB files are available on MySonicWall for each Firmware, just pick the file for the release you're running on your appliance. I shared my 2 cents a while back about VPN monitoring with SNMP, it wasn't that joyful. What tools you're using to get the data? snmpget or something else? PRTG can monitor VPN…
-
@olafk I tried to keep it short :) … depending on your scenario having a client (NetExtender) and the native RDP Client is a viable option. But in browser only it's a no no. If we're talking SMA 100 series it'll never happen. For the SMA 1000 series you might create a RFE, but I'am not hopeful for that. —Michael@BWC
-
@olafk no, that is not possible. —Michael@BWC
-
Steph, MSW looks "fine" to me right now, login and downloads are possible. Don't have anything to register at the moment. Isn't it working at all (did you checked Incognito mode or a different browser) or something specific? —Michael@BWC
-
@moyusuf001 the answer is no, you cannot share the same public ip and port to multiple internal IPs, because there is no way to distinct what internal system should be connected to. I suggest having different ports if public IPs are limited. Another option would be some kind of proxy which accepts the inbound connection…
-
@Satyanarayana_ENV are all interfaces part of the same zone or different zones? If possible I would disable "Interface Trust" on the LAN zone and see if this resolves your demand. I'am advocate for disabling the Automatic Rule Creation settings in all Zones, but you need manual configuration after that and some planning.…
-
@XImpalerX if you disable Tunnel All and connecting from a remote site (not behind the SNWL) you should be able to access the Internet without any trouble. The only reason I could think of at the moment would be if you have Routes for your SSLVPN which are in conflict of your local network, e.g. 192.168.1.0/24 is your…