BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@Mariusz Funny thing is, this TZ 670 is not new, it's registered since 2020 and the module was working before. Recently I factory reset the appliance and deployed 7.1.2 and updated to 7.1.3 later on. But I did not checked the storage module recently, until today trying to do some digging because of the other discussion we…
-
@SonicAdmin80 did you got your storage module working? I was checking a TZ 670, which comes with a 32 GB module) but it isn't recognized on 7.1.3. It's properly associated on MySonicWall. —Michael@BWC
-
I'am not experienced enough with CSE at the moment, but this should get you covered (hopefully). On the Firewall side of things you have to check how the packets are routed and setup NAT and Access Rules accordingly. —Michael@BWC
-
Like I said, if it's the same subnet then the SNWL should not affect the NAS connection, but if you're connecting from a different subnet (or VLAN) the SNWL will definitely affect when down. Your only option would be to deploy the Firewall with a seperate HA appliance to avoid this single point of failure. —Michael@BWC
-
Local traffic (same subnet) will never be affected by the Firewall. Do you access the NAS by hostname or IP? If the hostname gets resolved by the Firewall (Static DNS Proxy entry) then this might be the reason. —Michael@BWC
-
I guess there is a limit based on the performance of the Appliance, not using the Storage Device for that. For TZ 470 it's the same 12500, TZ 670 / NSa 2700 it seems to be 25000 and a NSa 4700 can keep 50000 IPs. On-box analytics was never the strong suit of SNWL Firewall. Update: the TSR holds some information about the…
-
Lou, you should not give up, if your server is listening to port 2525 the Rules are straight forward. NAT: Original Source: Any (or the allowed IP from the Internet) Destination: X1 IP (your WAN Interface of choice) Service: 2535 Interfaces: leave them to ANY Translated: Source: Original Destination: Server IP in the LAN…
-
Steph, that is an excellent question. AFAIK Starlink is offering static IPs as well, maybe they are geolocated differently than the pool addresses? On of my customers is installing a Starlink in the next days and I can report back. —Michael@BWC
-
@louyo the terms "Original" and "Translated" should give it away, this is NAT 101 and of course possible. Original Service is 2525 and Translated should be 2535. The only pitfall that comes to my mind could be the Access Rule. You have to make sure that WAN to LAN (or DMZ) Access Rule is allowing 2525 not 2535! Access…
-
You can enable Authentication by clicking the Advanced Button on the page you mentioned. —Michael@BWC
-
@David W I created #44779446, if you like to assign it to you, I would highly appreciate it. —Michael@BWC
-
@Vivek did you had a chance to do some testing? I guess it's not an issue if the AD DNS answer fits into the 512 UDP packet, but after that it causes trouble. Maybe that's the reason why it does not comes up that often. —Michael@BWC
-
There was an update to 5.0.13 to me this morning, maybe this was related and 5.0.12 got pulled (halfway)? Does the issue still persist when trying to download 5.0.13? —Michael@BWC
-
@Pocho I tend to disagree on that. I'am not trying to enforce all DNS Requests and if the DNS Proxy Cache is going only to work with UDP, that is something I can live with. DNS Proxy for TCP is working fine (AFAIK), but the Split DNS isnt. Funny thing is, 7.0.1 Internal settings has a toggle for DNS Proxy Protocol, UDP+TCP…
-
@Vivek I checked on my 7.1.3 appliance at home, and it is the same, Split DNS does not work with DNS requests over TCP. —Michael@BWC