TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
Didn't one of the component providers for Capture Client announce end of support, so IMO not unexpected. Hadn't heard of 'Solutions Granted' before this but they seem to know what they are doing and its a step in the right direction. Will I replace my current endpoint solution with SW's? Time will tell.
-
The default LAN to WAN IPv4 rule allows traffic from any source to any destination on any port. If you have disabled the default rule you will have to create a rule as follows (note assumptions are made, this is not intended to define your ruleset but provide guidance): Source Zone: LAN Source Address: Any Source port: Any…
-
"You can have an additional IPs on a LAN interface for management: I don't know if this will work for routing traffic, however." It will work for routing traffic. The provided article can be used to add a secondary IP address and subnet on a single interface. What is missing is creating and publishing a static ARP entry…
-
You might have to uninstall and do a cleanup, then redeploy.
-
Since access is for a vendor, the vendor should be able to supply you with a list of IP addresses to allow connections from. These would then be specified as the Source Address in the Access Rule. Otherwise your database is open to the world, and that's not good security.
-
Have you looked at the KB article? Seems they have more than just the one NAT policy required.
-
The diagrams never quite show enough information, but it looks like you have specified a source port in your access rule. Generally source ports are ephemeral so you shouldn't have to specify them. The destination port is more important 99% of the time. Try setting your source port to any in the access rule. Also, learn…
-
Does anyone see any potential problems with this setup? Once your non-customer users ask for wireless how will you provide it? Will this configuration provide suitable security to prevent wireless uses from gaining access to the X0 LAN? What are your 'Wireless AP, Internet Only' to 'LAN' access rules? Or any other…
-
Or any SNMP monitoring software...
-
AFAIK no.
-
Geo-IP databases are generally provided by third parties (such as MaxMind) and as IP allocations/assignments change so do the databases. I'm sure if you checked between security licensed and unlicensed Sonicwalls you'd see differences too.
-
Arkwright is correct about the benefits of Logical Probing over Physical. To answer the question posed: "can that cause it to not failback to X1 when that comes back up ?" It shouldn't but it depends on the settings (again not enough information was provided). From:…
-
To answer the subject line: No, they don't have to use the same probing. A more specific question in the body would help, but what would happen depends on the Failover configuration in place (Active/Passive, Round Robin, etc.) and you have not provided that information.
-
This is a known problem that firewall generated traffic does not get NAT'd over a site to site VPN tunnel. AFAIK there is no workaround.
-
Contact your ISP.