BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @KevinLynch I think there is no strict scheduling for GA Releases. The Firmware cycle looks sometimes a bit slow, don't know what the reasons are (7.1 beta was expected 10 months ago). Usually I don't care if a release is GA, MR or FR, if it contains something I or my customers need I'm good with it. --Michael@BWC
  • The firewall you're connecting to has to have the Global VPN licenses, the Client is free but requires a "Server" license. --Michael@BWC
  • @Alfredo as always, Firmwares are available on MySonicWall https://mysonicwall.com you have to log in with the credentials where the unit is assigned to. Node License isn't relevant for VPN, what does "Global VPN Client" say on the Licensing Page? The unit is pretty old, but wasn't there a limitation on that unit that it…
  • @Alfredo SOHO 250 is a Gen6 Appliance and should run 6.x, you're sure about the model number? Latest Firmware for 5.x is 5.9.2.13, you might try it with that. If you have a look at the License Page of your Firewall, it shows the correct values for licensed GVPN? --Michael@BWC
  • @Manoj it's pretty straightforward. Source Original: Internal IP; Source Translated: X1 IP; Destination Original: Any; Destination Translated: Original --Michael@BWC
  • @BetsyAmi the change will be synced from Primary to Secondary, no manual steps needed. --Michael@BWC
  • @gparker919 you might check with the guys who are doing the PCI compliance scan for you, if a private CA is sufficient you could use OpenSSL (or XCA, a Swiss Army knife when it comes to keys/certs) to create your own CA. You have to make sure that your endpoints are trusting this CA certificate and you're good to go.…
  • @gparker919 the answer to that is quite simple. Bind an FQDN to the IP associated with the Internet connection of that location where the SNWL is placed. If you have a static IP use an A Record, if you have only a dynamically assigned IP use it in conjunction with a DynDNS service and create a CNAME Record pointing to your…
  • @jtpryan have a look at Network -> SSL VPN -> Client Settings. The Default Device Profile holds the Address Objects which define the scope. You can assign a separate subnet completely independent of your LAN, which is highly recommended. --Michael@BWC
  • @rigiba8 the Packet-Monitor is giving it away, your Firewall is receiving network packets with VLAN-ID 60 tagged and you don't have a virtual interface assigned with that ID X0:V60. Looks like a switch misconfiguration to me. To resolve this, there are a couple of options: create VLAN 60 on X0 if needed assign only the VLAN…
  • @jtpryan you can't, DHCP for SSL-VPN Client addressing is not supported on Firewalls, but you can on the Secure Mobile Appliances if you like to go that road. --Michael@BWC
  • @gparker919 because it looks like you're running in circles, SHA256 is what you're looking for, SHA-2 is a family of functions and SHA256 is one of them. Just in case this caused confusion, because @MustafaA already answered this a while back. --Michael@BWC
  • @fre you should make yourself familiar with the Packet Monitor. If you limit the monitor to your endpoint's IP address and look only for dropped packets you'll see real quick if they get blocked by the firewall or not. --Michael@BWC
  • @ECP_Pokerhitman did you do the changes on CLI? This would need a commit indeed. --Michael@BWC
  • @ECP_Pokerhitman I bound up to 8 VLANs to the LAN Zone on X0 and they all showed up in the Zones listing. Did you try a different browser or Incognito Mode to avoid any caching issues? Otherwise you have to open a Support Ticket for that. --Michael@BWC