Comments
-
And from time to time they can break my firewall, good thing I have HA in place otherwise my network would be down… I think that this issue is with the newer version of the firmware 7.1.1
-
https://community.sonicwall.com/technology-and-support/discussion/comment/21010#Comment_21010 Exactly the same issue, how they bypass the domain i don't know…I've changed the domain a bunch of times to see if they would be able to pick it, and they picked it all the times. Changing the port is an option, but…its easy to…
-
https://community.sonicwall.com/technology-and-support/discussion/comment/21015#Comment_21015 Ah, you're using SMA, I'm using a TZ, I don't know if I will have the same options as you do. @mwatson536 you can send me a message with the configuration?
-
Hello gentlemen, it just started like 2 weeks ago for me... Enabled MFA Enabled lock IP forever after 3 tries Disabled the virtual portal for the outside But even then they still trying... I even changed the domain to see if it would help...nope it looks like theres some way to bypass that?
-
Thank you for letting me know
-
That did the trick, thank you very much.
-
Here? I'll be honest...that never crossed my mind...
-
I have it disabled. The info on the "Enable HTTPS Content Filter" says: "HTTPS Content Filtering HTTPS content filtering is IP based, and will not inspect the URL. While HTTP content filtering can perform redirects to enforce authentication or provide a block page, HTTPS filtered pages will be silently blocked." My guess…
-
It does work from outside. Like I said, it doesn't work when i have CFS configured with "Scan HTTPS" enabled. As soon as I turn it off it works ok.
-
Forgot to mention that I've looked into the logs and also Packet capture, with no luck...
-
@MustafaA ignore my last comment, I just used my head. And it is not working because It is not translating the SSL subnet to the WAN IP, because of the "original/original". And most likely that's why It works when I turn the NAT rule that i've created, because it translates the SSL IPs to the WAN.
-
It looks like it can't use the default NAT policy route. might be because the priority is at 62 (It is the last policy on my NAT rules) _____________________________________ Default NAT Policy_2 Any Any Any Any Any Original Original Original
-
Without the NAT rule, the packet is only "Generated", I don't get any dropped packets. I need to enable the NAT rule to start getting "Consumed" packets.
-
Thank you @MitatOnge.
-
Hello, that was what I just did. And it looks like it is working now. Also, MitatOnge, do you think that it is worth it to have GAV also scanning outbound connections?