MarkD Cybersecurity Overlord ✭✭✭
Reactions
Comments
-
The client IP and username is logged within the Sonicwall device/user/status (on a firewall), I suspect what you are looking for is a RADIUS response which contains the client IP
-
you need to provide more information, the WAN side? are you using static or dynamic IP, PPoE, WWAN ? is it a a client that gets plugged in? how are you determining "a long time" are you relying on windows network location awareness is there any client authentication.
-
From experience its rarely a physical interface that change of the WAN if there is an internet outage.
-
I would review the limitations on the firewall platform you are using for HA, and if you are running active/passive or active/active here are some resources
-
the SMA is the secure mobile access platform s opposed to the firewall range
-
SAML integration is supported on the SMA platform
-
-
Microsoft services change almost weekly Entra was Azure AD :( most of the knowledgebase documentation is I agree a little woolly. Internal Windows NPS with the Azure AD extensions works Then the SW is just a RADIUS client.
-
You can change the log level to "firewall action" and use this in conjunction with the packet monitor
-
try adding ping on the LAN as a management option, the device will the respond to a ping request
-
-
add an A record for the FQDN to your internal DNS pointing at the IP
-
Id start with looking at the NXlogs and enabling the Debug Log Option
-
take a look at the article that runs through the Sonicwall Analytics review
-
If you are concerned about MM vs AM for Client VPN (GVPN will probably not continue for much longer) I would suggest moving to SSL-VPN