BWC Cybersecurity Overlord ✭✭✭
Comments
-
@AJPixelbox did you run a Packet-Monitor capturing UDP Port 67+68 Traffic to see if the requests reach the SNWL and what the response was? You should be able to see if the packets are correctly tagged and what DHCP Options are requested and replied. I don't know anything about UniFi, but if there is no component…
-
Michael@normic SNWL does not support any Client-Mode besides IPsec. I'm not sure if Tunnel Interfaces are supported in combination with OPNsense, but this would be my preferred choice. If VTI is not working you could at least use Site-to-Site, failover might be a bit tricky. --Michael@BWC
-
@normic you might search the Community, it's discussed a few times. This KB-article helps as well: If this does not point you in the right direction you might consider getting in touch with a SonicWall Partner, because security-related configurations should be done with care. --Michael@BWC
-
@normic SNWL does not support OpenVPN as a client, you might consider connecting via SSL-VPN or IPsec. If a client in your network needs to open an OpenVPN Connection you need to create a Firewall Access Rule for allowing the traffic, but it seems this is not what you're looking for. --Michael@BWC
-
@stevmorr this is interesting, I checked the settings of my vSwitch and all three security settings are set to reject. I can't recall that this setting was ever mentioned in the documentation and I never changed it on any deployment (I did a few). But if it fixes your situation it must be related somehow for sure.…
-
@xdmfanboy you should be able to migrate the config of the NSa 2650 primary unit with the migration tool, import it into the NSa 3700 and configure the new HA settings afterwards. I would not expect much trouble if the migration tool does not mess things up. --Michael@BWC
-
@stevmorr I have this scenario running over here, no major trouble except (don't know if this is still a thing with 10.2.1.9): In the Clients / Settings I have configured to use DHCP for IPv and the Interface X0. The DHCP Server is located in the same subnet as X0. I'm using MobileConnect (iOS / macOS) for the most part…
-
@rgr is this KB-article not what you're looking for? Follow the steps to unbind the TOTP. --Michael@BWC
-
@jjorgenson and when you're done setting it up, check the info below, just in case you're not aware of it already: --Michael@BWC
-
@prozacsnack I had one deployment and for debatable reasons the secondary unit was off for a long time ... it was able to pick up properly when switched back on in case the primary was off. You should set up HA, sync the unit and switch the secondary off if necessary. I suggest you switch it back on from time to time to…
-
@prozacsnack you would need a second Appliance with all services activated and licensed, which might be costly. What are your concerns with setting up HA? It's pretty solid and somewhat straightforward to implement. The additional benefit is that you don't need to buy the services again for that 2nd unit. --Michael@BWC
-
@zizounet short answer, you can't because NAT is not SNI based. You need to get yourself a reverse proxy. --Michael@BWC
-
@SonicBoom I might repeat myself, but if you really like to spread a single Layer2 domain via VPN you need something like EoIP (Ethernet-over-IP) which SNWL can't do. I did this in the past with the help of Mikrotik Routerboards. This comes with some downsides and I would recommend to do this via Layer3 if possible,…
-
@sveinol I did not experience this in the past and I deployed a few of them. Is there a NAT rule which might catch the ARP request for the addresses of that specific subnet? Does it occur on any Interface or just specific ones and what Zone did they get assigned to? --Michael@BWC
-
@Bo_Hic I guess it's a "regular" crawler, I have this in the logs on Jul 5th, 10th and 17th. 95.214.53.99 and 95.214.55.244. --Michael@BWC


























