BWC Cybersecurity Overlord ✭✭✭
Comments
-
@William this might answer all of your questions. Considering the size I assume you're not running your own CA, therefore I would go for the commercial cert, but choose the Common Name (CN) wisely to avoid any certificate errors when connecting to the TZ. --Michael@BWC
-
@preston thanks, this is pretty detailed, I'm intrigued to give it a test drive. It sounds like 10.2.1.7 is detecting modifications, hopefully starting with the upgrade to 10.2.1.7 (from 10.2.0.x or 10.2.1.x) and not only from 10.2.1.7 upwards. --Michael@BWC
-
@sohand I would go with these Packet Monitor settings, they cover everything from the clock which touches the Firewall. Another thing to think about, when the clock of the clock 🤣 is completely out of sync the https handshake might fail, but this would be a big design flaw of the system itself. --Michael@BWC
-
@Larry thanks for the link, I did not check with Mandiant, but it's pretty detailed. It seems, once infected, the malware modifies any uploaded firmware package. The question remains, do the newly introduced countermeasures in 10.2.1.7 detect this. I assume they do, because they must be introduced for a reason. I…
-
@sohand yes, the forwarded packets mean that there was traffic flow, according to your screenshot there was some exchange between the systems. If the cache clean drop is the only packet dropped you're golden and it might have some other reason when the communication isn't working out. I guess 192.168.9.40 is your system…
-
@sohand as you can see the "cache add cleanup drop the pkt" means that an unclosed/timed-out connection is dropped from the connection cache, this is pretty common and nothing to worry about. If it interrupts your service you might consider increasing the TCP timeout for that specific destination via Access Rule to keep the…
-
@Sam168 do you have a Routing Policy which holds all of your internal Subnets as Destination routed via X0 and your Core Switch as Gateway? This is necessary to teach the Firewall what Subnets to expect besides the X0 Interface Subnet. If your Core Switch is connected to a different Interface please adapt. --Michael@BWC
-
@SebastianS yes, just put a Switch between the TZ and the Vodafone Modem, a 15-20 EUR solution for an annoying problem. --Michael@BWC
-
@MustafaA SFTP != FTPS ... maybe @Reventus might clear things up to make sure. I would go with SSH based SFTP according to the original post. If the SSH Server is accepting connections only from local clients then just do a NAT for the VPN clients and hide behind the Interface IP pointing to the SSH Server and make sure…
-
@FFour sorry that I'm late to the party and I'm glad that you figured it out. But MGMT was always on 192.168.1.254 and the deployment guide would probably be the most helpful here: Best of luck with your next adventures on the NSA 3600 :) --Michael@BWC
-
@Rinconmike I was under the same impression that the update took longer than usual, a whopping 10 minutes for a TZ 470, that requires some patience when done remotely :) --Michael@BWC
-
A quick update on this, the newly released Firmware 10.2.1.7 seems to be working much better and the Appliance is no longer crashing (15 hours in and counting). --Michael@BWC
-
@Ron_DDC your request got me curious and I had the chance to play with it a little on a fresh appliance. Indeed you cannot change the Zone type when assigned to an Interface, but when you set the Interface assigned to the Zone in question to "Unassigned" you're able to change the type. But only under the caveat that you…
-
@Piotr81 full disclosure, I never used BGP on SNWL, but did you verify that the Firewall isn't blocking what it's supposed to do? Did you check your ruleset from ANY to LAN for example, is there an Allow Any Rule for that? If not, the implicit Drop All should be effective. Just make sure you're displaying all Rules…
-
@erickim that's tough, gladly I never faced this issue. I don't have access to the Capture Client management anymore, but you could check the policy settings for "Scan new agents" and disable it, this should solve the issue. If you wanna give it a try, SentinelOne is IMHO a great endpoint solution. --Michael@BWC