MustafaA SonicWall Employee
Comments
-
You need a single Access Rule with the Destination Ports you intend for both User Groups. Leave the Users Included/Excluded with default values and define the desired VPN Access for each group. In a nutshell, if your intention is to limit/control each user group differently with the Access Rule based on the Destination…
-
To add clarity to my comment about Geo-IP Filter Block page.
-
@Paulw , are you referring to CFS Block page or Geo-IP Filter Block page? The behavior of Geo-IP Filter Block is slightly different from CFS and that's the reason I am asking.
-
@okortegast , this is expected behavior. When searching Access Rules, the firewall uses the five tuple parameters Source Address, Source Port, Destination Address, Destination Port and Protocol as a composite key to find the matching one. Once this is found, it will check the Users Included/Excluded. This is the reason of…
-
@Eddie , your Static Route is configured only for SSLVPN Service (assuming the service object has only the SSLVPN port), and the traffic that you have on the Packet Monitor is for DNS traffic.
-
The Client Routes is required to push the defined subnets as route policies to the remote host. You can check this on the remote host with the "route print" command, before and after SSLVPN connection. The subnets defined for the user under the "VPN Access" tab are related to giving access permission(s).
-
Create an Address Object for the SSLVPN IP Pool with Zone Assignment as SSLVPN. For instance;
-
@Eddie , even if you have the SSLVPN IP Range blocked off by your DHCP server, still as best practice use a completely different subnet/IP Range.
-
Hi @Eddie , here are my inputs for this config. You certainly need the static route policy on the firewall, which you highlighted. If needed you can change the Gateway to 192.168.100.1, which is the Eth0 interface of your router. You don't need the NAT policy. Keep it lean and clean. Change the SSLVPN IP Pool to a…
-
If needed, we can provide the HF build baselined on 6.5.4.12-101n MR for the issue GEN6-3898. A request via a web case would be ideal for this.
-
@Raptor , the fix for Gen6 firmware (Issue: GEN6-3898) is expected to be included in the next Maintenance Release (SonicOS 6.5.4.13).
-
SSLVPN service on UTM firewalls does not have the End Point Control feature. SMA appliance is your option.
-
Could this be related to the highlighted option available on the "diag" page?
-
@A_Elliott , are you indicating that the traffic is flowing to the SBC from countries not listed in the allowed list or is this finding based on the TCP handshake only, from those countries?
-
How can I setup and utilize the Packet Monitor feature for troubleshooting? https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627