BWC Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
@fabybaruz sounds promising because I need to deploy Gen7 in a similar scenario, hopefully 5060 will arive til than. --Michael@BWC
-
@Rave_Romero12 it should be doable if you alter the default access rule LAN-LAN for HTTPS MGMT and select a MAC Address Object as source for that rule. It might be a bit to restrictive, but at least I would configure an unused (unconnected) interface as last resort management, just in case. --Michael@BWC
-
@Baudet the INVALID_ID_INFO happens on Phase 1 or 2? You're running a MainMode or IKEv2 Tunnel? Local/Remote networks could cause this as well if different on one side, did you checked the subnetmasks as well, just in case? I always prefer TunnelInterfaces for SNWL-to-SNWL setups, it's easier to debug, because networks are…
-
I'am running a similar setup, at least the VPN messages are not firmware related in general. Did you checked with the Log Details of that log entry? --Michael@BWC
-
@Baudet I can't recall seeing this message without a reason, did you look into the details of the log entry which might give a hint? Is the local and remote network configuration correct on both sides? Is this a Tunnel betwwen two SonicWalls? What Firmware we're talking about? --Michael@BWC
-
@fabybaruz you got a pre-release of the 5060 build because 5051 is the latest public available at the moment? --Michael@BWC
-
@Zyxian I guess we got a bit confused about the term "Match Objects", which is the section header in the Gen7 Navigation, nevertheless, it's handled through Address Objects (which @Nat verified, and who should have better knowledge on that topic 🤣). There is a Match Objects -> Match Objects in the UI, which would require a…
-
@Zyxian Match Objects are used for App Rules, which are part of the Application Control license. But I can't see the relation between NAT and App Rule at this point. NAT is handled with Network Objects, not Match Objects. Maybe you might explain your demand in more detail and we can put you in the right direction.…
-
@np_ there was a similar question on Reddit, but no final answer on this. Because you checked it's the correct model (TZ370 vs. TZ370W) and the MD5 checksum. My last option would be use different browsers, I always had the best results with Firefox. Safe mode might be enother option, but shouldn't be necessary. If nothing…
-
@Larry I checked a few systems, all with the altered Schedule to 05:00-06:00 were working fine, a few with the defaule one failed today, but backed up in the last 3 days fine. It's some kind of a gamble, but I stick with my time slot and noone dare to congest it :) --Michael@BWC
-
@Kip_Cool I don't have a Gen5 at my disposal anymore, but does it not support "export current-config exp"? On a Gen6 appliance I can specify to export as CLI or EXP via ssh. Did you had a look into the file, was it a readable format or just a stream of base64 encoded characters, that would be probably the exp format then.…
-
@Arkwright it's just a guess, but because authentication is involved I wouldn't take any risk considering it's used for management and SSLVPN as well. PSIRT note only mentioned management though. Maybe SNWL is eager to chime in to clarify. --Michael@BWC
-
@ThK SonicWallWebProtection, a constant beacon of joy. I ditched CC and couldn't be more relaxed (endpoint-wise speaking). --Michael@BWC
-
@LitBobOn as mentioned over here, go for it ASAP. --Michael@BWC
-
@LitBobOn yes I have it running in the field already and it's working. Everyone should install it too, because of a whopping 9.4 CVSS. --Michael@BWC