BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@PolkaDots you did not enabled SSO Enforcement for LAN and/or VPN by accident (or on purpose)? This could cause something like this if you're not authenticated to the Firewall somehow. Same goes for your Access Rules from LAN to VPN, Users Included should be set to "All" and Excluded to "None". I'am just fishing here, but…
-
@siletzspey to the best of my knowledge, if you list Default & Custom Rules for a given Range (e.g. LAN - WAN) you'll see all Rules and the only one missing is the implicit Drop All Rule at the and of the Ruleset. In my early days with SNWL I tended to manually add a Clean Up Rule at the end, because it was needed on other…
-
@djhurt1 for the first question I would say it depends on the Zone settings you have configured. There are four settings per Zone definition which can auto-configure Rules between Zones. First thing when I configure new appliances is to untick all of them. Only then you're safe to say that no traffic will be allowed…
-
@Micah because I stubmled in the same situation again, any news on that? --Michael@BWC
-
@noob long story short, there is no NTP Server Service available on SonicOS. --Michael@BWC
-
@djhurt1 the rule is added when "Ping" is enabled on the respective Network Interface settings. Usually I would say that these should not be necessary but maybe it's some kind of enforcement to make sure that management traffic is not altered by some overlapping NAT rule. --Michael@BWC
-
@Zyxian you're absolutely right, it's a mystery to find proper documentation how to license GeoIP and Botnet Filtering. Even on the Licensing Page in MSW and on the appliance there is information. TSR is also of no help here. But I can assure you, that all my deployments running Essential Protection are licensed for GeoIP…
-
@Enzino78 SNWL did not disclosed any information on this AFAIK. Maybe it's included in yesterdays GAV Signature Update. But nevertheless, to have any effect you probably need to have DPI-SSL enabled for detection in a encrypted stream. I became more and more an advocate for getting things done on the Endpoint, because only…
-
@MarkD thanks for the detail, I totally faded out Gen5 already. I was able to upload a Gen5 configuration to the Migration Tool, but the result looked a bit weird, maybe it was NSA 3500 specific, The interface mapping and IP addresses showed were totally off. --Michael@BWC
-
I had to dig this old thread out, just 1 1/2 went by with no further reaction. I had a customer call today regarding TSA, will there be any changes around this Utility? It still says DELL and is 5 years old, which is ancient in our line of business. Windows Server 2022 does not support IP Virtualization at the moment, so…
-
@ClydeP there is an official Migration Tool available, provided by SonicWall, you can find it over there: https://migratetool.global.sonicwall.com/ But to be honest, the results using this tool are a mixed bag of good and evil, I strongly advice to NOT use it and don't use it myself. But it may be an option if you're in a…
-
@jpchenel this seems like a resolvable problem. Create a new Network Zone of Type "Public" and call it let's say "VoIP". Bind this Zone to Interface X3 and assign an IP address to it or let it be assigned by the PBX to end up in the 10.10.10.0/24 network. The X3 Interface has to be conneccted to the LAN segment of your…
-
@leohsu I don't wanna be unfair, but IMHO there is no real stable version for Gen7. I would go for 7.0.1-5065, despite the fact a customer apppliance crashed for no reason yesterday and probably the days before as well. All of my deployments are at 5065 and running smoothly most of the time, until some stange things…
-
@DatalinkAdam sorry, I gave up on that for now. --Michael@BWC
-
@Marco_Lazzarotto you're correct in both instances, 2FA can be enabled on User-level regardless the Domain-settings, and it'll be used for Web and NetExtender. It can be left unchange on Domain-level, which does not allow OTP for LocalDomain anyways. --Michael@BWC