MarkD Cybersecurity Overlord ✭✭✭
Comments
-
IKE UDP 500 is to start a connection; if during P1 negotiation the remote endpoint is behind a NAT device, this will move to UDP 4500. Is the remote endpoint behind a NAT device? Also, your logs are from an external syslog collector and may not contain all the information.
-
UDP port 500 is for Internet Key Exchange (IKE). UDP port 4500 is for IPSec NAT-Traversal (NAT-T), i.e. the endpoint is behind a device performing NAT on the source address.
-
No, the internal GUI under Device/Diagnostic/GEO and Botnet gives less information.
-
You won't see the make/model of the SFP - it may be buried somewhere in a techsupport dump, but I've never been able to find a reference.
-
You can use the botnet lookup to confirm if SonicWall has it in their database. A check on the first, 146.19.125.15, shows it is. The address is also listed on Abuse IP (146.19.125.15 | TECHNOX INTERNET TEKNOLOJILERI | AbuseIPDB) and on bl.mailspike.net (Mailspike Blacklist: Listed), sbl.spamhaus.org (Spamhaus SBL: Listed)…
-
Double check the compatibility of the module - you could be looking at a failing SFP, especially being 10 years old. Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series | SonicWall
-
Review your logs
-
If you don't need to see the event in the SIEM, disable log inform level events to your for ID 1153. Or restrict access to the SSL VPN endpoint with GeoIP blocking; you are probably logging attacks.
-
There won't be any ARP or MAC address, but as Arkwright says, can you poll the upstream router via the diagnostic ping and specify the interface?
-
I could be wrong, but I would have thought it would be PPPoE per VLAN, not on the physical interface.
-
The metric is only a synthetic value between 1-20, used for cost calculation, i.e. you can have multiple routes to a destination via different "COST" links, e.g. a 1GB leased line circuit (metric 1) vs a slower VPN (metric 3) vs a 4G link (metric 10). Metric: 1 This is for highest priority, any number between 1 and 20 can be…
-
Add a routing rule via the Policy section/Routing Rules: Source: Any; Destination: Cisco Linksys Network; Service: Any; Nexthop: Standard Route; Interface: X0; Gateway: "the IP address object of the Linksys 10.1.52.100"; Metric: 1
-
Nothing wrong with what you have done, but you've missed the fact that the SonicWall does not know about 10.1.53.0/24. You need to add a route back to that network via the router at 10.1.52.100.
-
Configure the switch with VLAN 10, set the uplink port to switch port mode trunk, set the downlink on your Linksys port to switch port mode access, switchport access vlan 10. The Linksys then doesn't need to understand the VLAN ID; the switch will add this on frames going to the firewall and remove the VLAN ID as it egresses to…
-
P1 and P2 timings are clashing, you've used the "defaults". Change the timings!