BWC Cybersecurity Overlord ✭✭✭
Comments
-
@billmayer I do not have any Gen5 in reach, but did you log into the appliance first and then change main.html to diag.html? It's not possible to start directly with /diag.html. --Michael@BWC
-
@DSimard to swap the Interface it's pretty straightforward, set X4 to unassigned and configure X24 with Zone and IP address. BUT it might get tricky, check Routing, NAT and Access Rules before doing this to see if any Rules are bound to X4, you would need to recreate them. --Michael@BWC
-
On Site A, do you have an Access Rule from VPN to LAN which allows Port 4000 to 192.168.0.253? ... the reject shown above tells otherwise. --Michael@BWC
-
Do you see any Port 4000 traffic on Site A coming via VPN? Do you allow Port 400 traffic from VPN to LAN at Site A? --Michael@BWC
-
@JeroLefe having an Access Rule from LAN to WAN means that the traffic is not going over the VPN Tunnel. It should have worked with the Rules I gave you, except that I messed up the Destination address, it should have been 1.2.3.4 and not 4.3.2.1. --Michael@BWC
-
@PhDh the OID is correct, but did you do the Preprocessing with a Custom multiplier of 8? Units of this Item have to be set to bps. You could even try to monitor the Appliance with the SNMP Interfaces template. I'm not a big fan of the community offered SonicWall Templates. --Michael@BWC
-
@Günter I have no real explanation for this, but the 10.0.0.1 seems to give the reply packet to 192.168.8.3. Did you search the TSR for 10.0.0.1? Can you find 10.0.0.1 in your ARP cache? Did you examine the DNS packets to see what the Request and Reply was, maybe this provides more info? --Michael@BWC
-
@MeJohnM afaik Jumbo Frames are not supported on TZ appliances, needs to be NSa and up. --Michael@BWC
-
@Kai_Info you need to get the same model for HA, there are SKUs for each model. --Michael@BWC
-
@JeroLefe did you try to enable a NAT Rule on Site B? Source Original: 192.168.1.0/24; Source Translated: Original; Destination Original: 4.3.2.1; Destination Translated: 192.168.0.253; Service Original: 4000; Service Translated: Original. You probably need an Access Rule from LAN to VPN for 4.3.2.1 as destination as well.…
-
Steph, if there was a global issue it seems to be fixed, Login and 2FA (by mail) worked fine. Sunday is almost over at your neck of the woods, MSW has to wait till Monday :) --Michael@BWC
-
@oldtechie this might be correct if LB&F is used in failover mode because there will be only one Default Route active, but there is always a Default Route as described above for the Interface IP and this is where your port forwarding is heading to from the WAN. Just give it a shot and you'll see it works, just make sure your…
-
@oldtechie well, I think there would be no PBR necessary for having port forwarding to Network 1, because of the fact that reply packets for your NAT will hold e.g. X3 IP (assume this is the DSL Interface for Network 1 secondary WAN) as source and routed accordingly as described above. It's Friday evening and I might be…
-
@oldtechie the reply packet for your NAT will have as Source IP the address of your secondary ISP, therefore it will be routed over the correct connection. Have a look at the routing table and make sure to display Display&Custom and let it sort by priority. You'll see a default route for X2 IP (e.g. your secondary ISP) as…
-
@Peter_R We have Site to Site IKE VPN running because we want it SECURED. If you believe a Tunnel Interface is less secure, then I can tell you that is not the case. It's just a different implementation but security-wise it's the same, you should look into this if you're running SNWL-to-SNWL. To rule out any already fixed…


























