Comments

• My sarcastic side says unplug it from the network The whole Idea behind Nmap is to identify devices, it may not respond to ping but it will to an ARP, NMAP is matching the MAC address to the Vendor The MAC of an interface can be overridden.

  in Block NMAP Comment by MarkD November 2023
• Management access over the VPN will need to be enabled for access to the Firewall UI, at least with that you have a fighting chance of debugging the "other" side

  in Site to Site IPSecVPN access to http / https only working from B to A but not from A to B Comment by MarkD November 2023
• NSV inside Azure VNET, enable IKE NAT traversal on on both sides ( IPSEC VPN advanced) - use IKEV2 if possible The initial IKE message IKE_SA_INIT to port 500 will include the Payload (41) NAT _DETECTION_SOURCE_IP Payload (41) NAT _DETECTION_DESTINATION _IP it will then negotiate the NAT traversal In Azure you are behind a…

  in Cannot establish IPSec Tunnel between remote site and NSv Comment by MarkD September 2023
• leave the firewall to be a firewall - BUT bandwidth limitation is per physical interface

  in Going from a NSA2600 to a TZ640 with 3 switches Comment by MarkD August 2023
• no you cant on the sub interface only the physical.

  in Per-vlan bandwidth limiting Comment by MarkD April 2023
• on the ISP router/modem

  in While creating IPSec VPN between NSA4700 & Tz370, i am getting below error. Comment by MarkD April 2023
• create an address object for DNS server and add that to the VPN instead of the X0 subnet. you could always add rules afterwards

  in Interesting VPN / DNS question Comment by MarkD March 2023
• So on your switch, you have your 2 access ports one on VLAN 2 connected to X0 and the other on VLAN 5 Connected to X1 and their native VLANS are configured?

  in sonicwall / cisco switch Configuration ( 2 separate LAN networks using 2 different ports) Comment by MarkD February 2023
• maybe something to look at unless its already set.

  in NSA2700 to TZ270 Tunnel Interface dropping SNMP Comment by MarkD October 2022
• you may want to check out the Aruba Support pages for Instant on What are the ports that needs to be allowed on Firewall in order to bring up Aruba Instant ON APs? | Everything Instant On

  in If anyone has deployed an Aruba Instant On Access Point (AP22) how was your firewall configured? Comment by MarkD October 2022
• We always use the Windows NPS with the extension for Azure MFA with the push notification for approval.

  in What do you use for a 2FA OTP email account to send the one time password for SSL VPN Comment by MarkD August 2022
• https://www.sonicwall.com/techdocs/pdf/switch-administration_guide.pdf pages 47 and 48 cover Link aggregation and Port trunking.

  in Link Aggregation (LACP) with Windows Server 2019 Comment by MarkD August 2022
• You will need to add the specific route on the VNET in order to pass traffic back to via the NSV. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

  in How do I access the Azure VM after I've vpn into the NSv via NetExtender? Comment by MarkD July 2022
• I dont believe this is possible directly on the applicance, you may want to look at a third part product to alert. but you will still need to manually correlate to the relevant connection in order to terminate. https://www.fastvue.co/employee-internet-usage-reporting/#downloadtrials

  in NSA 2650 - How to send alert/notification when users download file size exceed 100mb? Comment by MarkD July 2022
• If I understand the VPN server you refer to is "out on the internet, external to your environment" Have you implemented Firewall rules that permit the VPN through the firewall? I'll make the assumption is an IPSEC VPN Here is the MS article Troubleshoot Always On VPN | Microsoft Docs specifically 809 points to UDP 500 and…

  in TZ370 cannot join external VPN (IKEv2) from VLAN behind Firewall Comment by MarkD July 2022
More Comments