TKWITS Community Legend ✭✭✭✭✭
Comments
-
Add the second WAN IP address as the secondary gateway on the Site to Site VPN configuration screen. Tunnel interruptions to the primary gateway address will failover to the secondary gateway. Be sure to implement at least Basic Failover in Failover and Load Balancing.
-
You have not provided enough detail for us to be able to help. Please provide a diagram with subnet addressing. What is actually failing, the Site to Site VPN?
-
The TLDR version: In Flood Protection settings, the option 'Drop TCP SYN packets with data' should be enabled.
-
@Ajishlal Thanks for the heads up. Classic 'mistake'.
-
"I get 65535 open ports. The connection establishment is closed with a 'connection reset'." Technically they are not open ports. Again, a reset response is normal behavior. Maybe you have discovered a bug in Stealth Mode. Are you on the latest firmware version? I'd suggest opening a case with support.
-
Your explanation is convoluted, but I understand. You are testing traffic to the WAN IP of the TZ370W from the WAN side. I think this is more of a TCP/IP question than a SonicWall one, but I will attempt to explain. TCP Reset packets are commonly used by firewall (and other) devices to indicate closed ports. It is their way of…
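The two comments above (the 'Drop TCP SYN packets with data' setting, and RST replies being read as "open ports") both come down to what a SYN probe and its reply look like on the wire. The following is an added example, not code from this thread or from SonicWall: it builds constructed IPv4/TCP segments inline (zero checksums, made-up RFC 5737 addresses) so it runs offline, parses them back, classifies a probe reply the way a port scanner does, and flags a SYN that carries a payload. Only one case of a SYN with data is legitimately common, TCP Fast Open, which is why the option is usually safe to enable.

```python
"""Parse IPv4/TCP segments, classify SYN-probe replies, flag SYN-with-data.

Added illustration for the forum comments above. All packets are constructed
here; nothing is sent on a network.
"""
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_segment(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal IPv4 + TCP packet. Checksums are left zero on purpose:
    this is constructed test data, not something to put on the wire."""
    tcp_len = 20 + len(payload)
    total_len = 20 + tcp_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    # data offset 5 (20-byte header, no options), window 65535, zero checksum
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport, 0, 0, 5 << 4, flag_bits, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_segment(pkt):
    """Return the fields a firewall or scanner cares about from a raw packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:
        raise ValueError("not a TCP segment")
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    tcp = pkt[ihl:total_len]
    (sport, dport, _seq, _ack, off_rsvd, flag_bits,
     _win, _cksum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_rsvd >> 4) * 4
    flags = {name for name, bit in TCP_FLAGS.items() if flag_bits & bit}
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": flags, "payload": tcp[data_off:]}


def classify_probe_reply(reply):
    """Interpret the reply to a bare SYN the way a port scanner does.

    SYN/ACK  -> a listener accepted the handshake: open
    RST      -> the host answered but nothing listens: closed
    no reply -> silently dropped (what Stealth Mode aims for): filtered
    """
    if reply is None:
        return "filtered"
    if {"SYN", "ACK"} <= reply["flags"]:
        return "open"
    if "RST" in reply["flags"]:
        return "closed"
    return "unknown"


def is_syn_with_data(seg):
    """True for an initial SYN (no ACK) that already carries a payload,
    the pattern the 'Drop TCP SYN packets with data' option discards."""
    return ("SYN" in seg["flags"] and "ACK" not in seg["flags"]
            and len(seg["payload"]) > 0)


def demo():
    """Run the constructed scenarios and return their verdicts."""
    probe = build_segment("203.0.113.5", "198.51.100.1", 40000, 443, ["SYN"])
    syn_ack = build_segment("198.51.100.1", "203.0.113.5", 443, 40000, ["SYN", "ACK"])
    rst_ack = build_segment("198.51.100.1", "203.0.113.5", 22, 40000, ["RST", "ACK"])
    syn_data = build_segment("203.0.113.5", "198.51.100.1", 40001, 80, ["SYN"],
                             b"GET / HTTP/1.0\r\n\r\n")
    return {
        "open_port": classify_probe_reply(parse_segment(syn_ack)),
        "closed_port": classify_probe_reply(parse_segment(rst_ack)),
        "stealth_drop": classify_probe_reply(None),
        "plain_syn_flagged": is_syn_with_data(parse_segment(probe)),
        "syn_with_data_flagged": is_syn_with_data(parse_segment(syn_data)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A scanner that sees RST on every port therefore reports them all as closed, not open; the firewall has simply chosen to answer rather than drop, which is the Stealth Mode distinction the thread is about.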
-
You have failed to explain where you are testing from. The LAN side? The WAN side?
-
Are you sure it's the firewall and not a DNS issue?
-
I have seen this happen though I cannot explain it. The workaround is to create a new Address Group with the correct name and members, edit the NAT policy to use the new AG, then delete the old Address Group. It seems editing an Address Group used in a NAT policy is now frowned upon with a generic error.
-
Is there another service running on the firewall that uses a certificate (e.g. SSLVPN)? Or any devices behind the firewall that are open on the 'net using a cert?
-
"VLAN 99 is a trusted zone, right? Just LAN traffic. VLAN 2 is an untrusted one... WAN traffic. But is VLAN 3 the trusted or untrusted kind? I need more info about zones and the manual is not clear for me." Read up on zone-based firewall concepts. "Trusted", "Public", etc. are set around what the traffic is considered. If you have an…
-
You can try creating individual rules for each subnet you wish to block. But it has been previously discussed on the forum that the reporting of connection drops isn't consistent. Unless the firewall action is "Allow", then it is implied the connection doesn't complete.
-
Try using a USB Wi-Fi adapter with a different chipset than what you have built-in and see if the issue remains. It could also be that your phone provider is dropping the traffic if you are using an off port for SSLVPN.
-
Try a different browser. I have seen this occur with all sorts of objects in the new UI.
-
1452 may not be the most optimal for your ISP, and different KB articles provide different values. Does your ISP have a published recommendation? If not, you'll have to determine that on your own. Are all the sites static IP with ISP device in bridge mode?