Comments

• Post anywhere. Those are just guidelines.

  in Firewall forums - which one to use? Comment by TKWITS June 2023
• Why bother exposing an internal DNS server? Doesn't this company have a web presence (public website, public registrar, etc.)?

  in Forcing traffic destined from the inside to one WAN interface out the other Comment by TKWITS June 2023
• From a sanity standpoint: you can say no to peoples requests.

  in Forcing traffic destined from the inside to one WAN interface out the other Comment by TKWITS June 2023
• You don't need two SSLVPN profiles, you just need proper DNS records to handle internal and external requests for the same FQDN.

  in Forcing traffic destined from the inside to one WAN interface out the other Comment by TKWITS June 2023
• For clarity sake is below the ideal traffic flow? Client SSLVPN -> Sonicwall DMZ interface -> Sonicwall WAN X2 -> ISP 2 -> INTERNET -> ISP 1 -> Sonicwall WAN X1 -> SSLVPN Internal LAN Access The less details you give the less likely you'll receive help. But this complete flow is unlikely because of the internal routing…

  in Forcing traffic destined from the inside to one WAN interface out the other Comment by TKWITS June 2023
• @Ena @Community Manager @TIJU

  in NSa4700 Active/Active HA and LACP / LLDP capabilities Comment by TKWITS June 2023
• It's either on or off. Yes, you can adjust thresholds but you cannot specify exceptions like 'ignore host 1.1.1.1' or 'ignore between 8pm and 10pm'. Whether or not the thresholds correlate to the 'possible flood' log entry im unsure of, since 'possible flood' is a vague statement.

  in Possible TCP Flood on IF Comment by TKWITS June 2023
• If you feel your highest risk is around wireless than by all means add services to your access rule. But you can be doing other things to reduce your wireless risk (separate networks, 802.1x, zero-trust networking). The mention of a 'guest network' was less about providing Wifi to 'guests' and more towards introducing the…

  in WLAN Access Rules Comment by TKWITS June 2023
• If you know the signature you can disable it in Policy \ Security Services \ Gateway AV \ Signatures, or add it to the Cloud AV exceptions via Policy \ Security Services \ Gateway AV \ Status/Settings \ Cloud Anti-Virus \ Cloud AV DB Exceptions. Otherwise, not sure what you mean by 'disable this'...

  in How to bypass GAV on Gen 7 for "UPX_Packed_Executable_2 (Trojan)" Comment by TKWITS June 2023
• Ask Fortigates community.

  in SD-WAN - Fortigate Comment by TKWITS June 2023
• You havent provided us any information and this isn't causing you an issue so...

  in how to fix HTTPS Handshake: sslv3 alert certificate unknown Comment by TKWITS June 2023
• It seems you are missing some underlying concepts. Have you considered creating a 'guest' SSID for 'untrusted' devices?

  in WLAN Access Rules Comment by TKWITS June 2023
• When you say you get this 'alert', how are you receiving it? Email? You can disable email alerting on specific log entries.

  in Possible TCP Flood on IF Comment by TKWITS June 2023
• Open a support ticket.

  in TZ270 not resolving MAC address objects Comment by TKWITS June 2023
• This is called 802.1X and is not a feature available on Sonicwall firewalls. It is available on Sonicwall switches.

  in TZ 270W functionality question (certificate based access management) Comment by TKWITS June 2023
More Comments