BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @JeroLefe you don't need an explicit outbound NAT rule for this, it's covered by the default for X1. —Michael@BWC
  • @LinkHigh this happens from time to time, for me it's fine right now. Whenever it happens I'm trying a different Browser or using an Incognito (Private) Session to avoid any caching trouble. If this does not help, check the Status Page if there is any known maintenance. Yesterday was an infrastructure update affecting MSW.…
  • @Simon_Weel IMHO there is nothing you can do, because there is no form of authentication from the mobile device to the firewall if no VPN is involved. MAC address gets lost on Layer 3 and the IP is dynamic so your only option might be to reduce the attack surface by using GeoIP for your country. SMA 500v isn't that…
  • No, you don't need any custom rules for this, delete them. Deny is implicit and the Allow Rule is the Default (no modified with your source object). I meant the default rules for management, you can limit them as well to only allow specific addresses, if this is possible in your scenario. You can add Botnet and GeoIP…
  • You have to edit the SSLVPN Rule that's in the WAN-to-WAN selection, it's #13 in your latest screenshot. If you're in the WAN-to-WAN rules anyways, you should check if you can limit the Management Rules (HTTP + HTTPS Management, SNMP and SSH) to avoid any access to your Firewall that is not wanted, just as a precaution.…
  • @stokie21 I'm sorry, I've told you only half of the story. You have to enable the Option "Enable the ability to remove and fully edit auto-added access rules" on the internal settings page, then you can edit the default Access Rule. Sorry for that. --Michael@BWC
  • @stokie21 list custom & default rules (All Types), the default one is probably above your deny rule. Get rid of your two custom rules and set the Source of the default rule to your WAN_FQDN_HOME_WORKERS object. --Michael@BWC
  • @MikeSun this is part of the new DNS Security which came with SonicOS 7.1.1. It's powered by Vercara and might be their product UltraDNS used for DNS resolving. I'm not 100% sure if it's used for CFS 5.0 as well. --Michael@BWC
  • @jdanielemtrx you are using SMA 100 Series, Firmware 10.2.1.11? Clear App always worked in the past when a user replaced devices. Did you try to disable OTP, log in without MFA, re-enable it and log in again to see what happens? --Michael@BWC
  • @egy_ehab putting at least some effort in asking a question is always welcome and often results in the outcome. There is no CFS in the Email Security, but if you're looking for getting an email notification when the CFS hits on the Firewall you might look into this: Log Category Security Services -> Content Filter, the…
  • If you mean that you cannot access the AP via the tagged VLAN 1? It might be related to VLAN1 itself, traffic needs to be tagged but your configuration does not tag the native VLAN on the AP. Not sure about VLAN 1, it might be handled in a special way. You can crank up a Packet Monitor and set an Interface Filter to X2…
  • @XChangingIT sorry for the confusion, I was always under the assumption that there is a switch attached, my bad. The switch had to be configured tagged for the Port with X2 attached to it and untagged where the AP is connected to. There is no requirement to use a tagged VLAN for the AP provisioning, it's just the way I…
  • @MattHooper if your non authenticated devices getting static IPs would be probably the best approach. Not sure if this is possible, but it's not a requirement. The Access Rule for your authenticated users looks good to me, for the non authenticated devices I would use the mentioned Address Objects and put them in a Group…
  • @MattHooper you could create Address Objects of type MAC for the devices with no authenticated users (if we're talking SSO or Web Authentication?). Then just create a new CFS rule for this group of Address Objects with the needed CFS Policy and have this Rule above your CFS Rule requiring Authentication. If you're using…
  • @Jhamaker did you check with Packet Monitor what is getting dropped when trying to do Wifi Calls? Did you allow the needed traffic from your WLAN Zone to WAN? This is a recent thread which might give you some insights: At the end of the day you need to open up UDP 500 and 4500 to the ePDG for the mobile carriers in…