Menu

BWC

Cybersecurity Overlord ✭✭✭
Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

BWC Cybersecurity Overlord ✭✭✭

Badges (27)

5 Year Anniversary250 Answers4 Year Anniversary3 Year Anniversary250 Likes100 Answers100 Helpfuls2 Year Anniversary1,000 Comments50 Answers1 Year Anniversary500 Comments25 Answers100 Likes25 Helpfuls100 CommentsWork Out Loud5 Answers25 LikesFirst Answer10 Comments5 HelpfulsFirst Comment5 LikesPhotogenicName DropperEarly Adopter
See More

Reactions

9 Promote 189 Helpful 416 Like 0 Spam 5 Abuse

Comments

  • @fmadia thanks for checking into this. But the information does not add up. For example, a customer has 20 Policies defined on a TZ 470 (7.0.1-5050), each Policy contains two local and one remote network, which result in 40 SAs. According to the Screenshot the Statistics implies that 20 out of 200 Policies are defined.…
    in maximum S2S Policies - Datasheet vs. Real-Life - what is it? Comment by BWC February 2022
  • @MPERU99 about the slow UI I had my fair share about this a while ago, did you tried Firefox as weapon of choice, it seems to handle compression much better. --Michael@BWC
    in Ip address can not be all zero in Address Group used by IpHelper. Comment by BWC February 2022
  • @BrianTheNewb I cannot tell anything about that specific error message (which is a bummer), but if it's a fresh unit my best guess is to update the Firmware to the latest (7.0.1-5050) and do a factory reset. The earlier Firmware for Gen7 left some room for improvement to put it mildly. Firefox is my Browser of Choice for…
    in New Out of Box TZ270 giving errors on GUI Comment by BWC February 2022
  • @tak1987 the link provided by @preston should point you in the right direction, because of the overlapping networks both parties have to do NAT. You need to define a Translation Subnet per Side, e.g. 10.0.4.0/22 and 10.0.8.0/22 (or any other range which is not in conflict) and do the NAT for the respective LAN therefor.…
    in VPN IPSEC Subnet Overlapping Comment by BWC February 2022
  • @JimAllenSW did you checked with a Tool (DigiCert, SSL Labs, ...) that the Cert/Chain provided from the Appliance is correct? You can do this by your own with openssl or testssl as well if you're familar with it. This "Client Certificate" still bothers me. Update: If you try a self signed cert for SSL VPN, does this error…
    in Certificate working for HTTPS management but not for SSL VPN Comment by BWC February 2022
  • I have to bring this up again, while checking the logs after updating to 7.0.1-5050 my TZ showed this message in the System Log: Event: Bad SA Count Message: VPN policy count received exceeds the limit; Min policies required: 250, MySonicWALL returned: 50 This is a factory reset (empty) TZ 670 appliance, no VPNs defined so…
    in maximum S2S Policies - Datasheet vs. Real-Life - what is it? Comment by BWC February 2022
  • Like @preston pointed out in the other Thread about the 7.0.1-5050 Release, the latency while pinging the Firewall went away, took SNWL only 1 1/4 years 🤣 7.0.1-5030 64 bytes from 10.x.y.z: icmp_seq=25 ttl=64 time=0.464 ms 64 bytes from 10.x.y.z: icmp_seq=26 ttl=64 time=3.749 ms 64 bytes from 10.x.y.z: icmp_seq=27 ttl=64…
    in Latency on Gen7 Comment by BWC February 2022
  • @JimAllenSW IMHO the Certificate should work for both, but the Error Message tricks me to think it's something else. Do you have Client Certificate Check enabled on the Manage -> System Setup -> Appliance -> Base Settings page? Do you work with Client Certificates, which is IMHO not supported on Firewalls? If it's not…
    in Certificate working for HTTPS management but not for SSL VPN Comment by BWC February 2022
  • @SonicAdmin80 yeah, a forced fallback to the primary was I meant to suggest too, but forget to mention, duh. If everything is back to normal then I guess it's Ticket time with the Support. It seems Gen6 NSv is dead, evidently. --Michael@BWC
    in Traffic stays on lower LB interface Comment by BWC February 2022
  • @SonicAdmin80 I never was in that situation, Failover in HA was working fine so far. Gen6 talking here, no experience with Gen7 at the moment in HA. Both WAN Interfaces are static or some kind of dial-up? Did you checked the latest Firmware Release available for that unit which might address this issue? --Michael@BWC
    in Traffic stays on lower LB interface Comment by BWC February 2022
  • @BobWHill do you have a license for NSM (Essential or Advanced) attached to this unit? IMHO this is a requirement to modify that option. Zero Touch has to be enbled therefor. I don't have any unit with NSM at my disposal to check further. Check this Video at 1:15, where you can see the options available with a valid…
    in How do I change a TZ370 from On-Box management to Cloud? Comment by BWC February 2022
  • @Simon_Weel according to the Release Notes it sounds that way, but it should be easy to verify. --Michael@BWC
    in Gen7 Firmware 7.0.1-5050 released Comment by BWC February 2022
  • Firmware 6.5.4.9-93n (slight increase from -92n) gets released gradually, I was able to pick it up for a NSa 2650 and Cloud Backup is back in business. Release Notes not updated at this point, so no further information. --Michael@BWC
    in Gen6 - Cloud Backup broken in 6.5.4.9 Comment by BWC February 2022
  • @Larry here we go again, not happy with it but probably inevitable, the market is a mess and all vendors affected more or less. --Michael@BWC
    in Other shoe drop Comment by BWC February 2022
  • @DisaRicks yeah that's so SonicWall, but if you check the Title below the description you can see that 0568 is CGSS (without Capture ATP) and 1441 is AGSS (including Capture ATP) ... I was under the impression that CGSS is no longer avaialble for some time now. --Michael@BWC
    in Renewal services on TZ400 Comment by BWC January 2022