Comments
-
While discussing the issues in general here is good for comparing notes, I hope you have a ticket open for this Vendan. There can be many different root causes for issues which lead to reboots or HA Failovers, and though the symptoms look the same, each customer's TSR and tracelog files will show the case owner how to…
-
SonicOS 6.5.4.6-70n is a beta version which will show up in your Download Center if you have enabled the beta option under "My Account" (top right). There are no release notes, but it is designed for use with the Switch and CSa (Capture Security Appliance) Beta.
-
Hello DJHurt - I don't think I can grasp your deployment based on text alone. I will message you with my email address at work so that you can send me a diagram, one fully labelled with every device's IP / mask / GW, so that I can properly advise you.
-
This KB Article is based on a presentation I did for our partners at DellWorld years ago. It has some relevance to your issue. https://www.sonicwall.com/support/knowledge-base/sonicos-core0-principles-and-common-configurations/170502733076877/
-
Hello DJHURT1: When using two of our firewalls in HA, there is no requirement to have each one with unique public IP addresses on the WAN. You can configure the Network Interface on the active unit in the HA pair, and then the active unit will use that IP in production and fail over that interface to the standby unit…
-
Yes I also wish to comment that in most cases the ISP will route the blocks of IPs to the firewall WAN interface IP, and thus no static ARPs are needed. Some ISPs do act differently and have a dedicated GW IP address, used on the upstream router, for the second block of public IPs. In that scenario, static ARPs and a…
-
Odysseus, this is a textbook example of an issue which should be worked in a support case. The sensitive nature of the IP schemes you have shared is not worth the benefit of not paying for support if that is why you are pursuing it here. On the technical issue, it's likely there is a NAT Policy that is too general which…
-
Yes, I have one other idea. The subnet mask used on the destination servers matters also. If they are using 255.255.240.0 (aka /20), then you would expect it to work if the L2TP clients have the same mask. But if the servers use a narrower subnet mask 255.255.255.0 (aka /24), then their traffic going back to the client…
-
Hello all: In addition to the above-mentioned "LAN subnet listed on the VPN Access tab" under the User's settings, the same object must also be configured in the Client Routes, which is part of the Default Device Profile, found under SSLVPN Client Settings screen.
-
This capture shows that the queries done to the strict.bing.com hostname are about once a minute on average. The firewall does this even if CFS or the bing feature is off. The queries are done using both type A and type AAAA at the same time, a minute or two apart. I hope that helps.
-
FYI - Log Name Resolution feature does one job: reverse lookups of any IP address which shows in the logs using either DNS or NetBIOS. It is not related to the strict.bing.com traffic.
-
I believe, in past testing where I capture all DNS queries done by the firewall, that it does queries for this hostname even if the feature is not enabled. I am doing another capture and my lab firewall does not have that feature on, and I even disabled CFS itself to see what happens. More news at 11 (figuratively).
-
Yes, that is the setting I enabled and you now have a rule like the one I showed.