TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
I have begun to keep the mouse away from things I want to actually see. Gotta be quick with the mouse when copying data from the GUI. As we all know UI / UX designers are not admins...
-
@ThK You're welcome.
-
As Preston hinted at many services use CDNs to distribute traffic, rather than just a handful of IPs/FQDNs. What is likely happening is the CDNs are getting caught up in your security services.
-
AFAIK there is no way to exempt traffic from a tunnel-all configuration with Sonicwall UTMs (I do not know if it is possible with SMAs or Capture Clients). Microsoft documentation literally states you have to implement some sort of split tunnel. I suppose you could try to implement some sort of client-side OS route…
-
Default values are terribly low. My general rules of thumb: UDP - Half of the total # connections supported by the device TCP - One-third of the total # of connections supported by the device ICMP - 2000 p/s Note the total number of connections depends on your DPI or SPI settings and model. See here for how to check:…
-
"Ha, ha, ha, ha, ha! Those kooky crazy SonicWall developers have made me laugh!" Who needs columns?!? As I always say, if you're not laughing you're crying.
-
Are these legitimate devices to have on the corporate network or should they be isolated to their own network where you can disable DPISSL (should be isolated...)? You have to also consider what security services you are using WITH DPISSL (GAV/GAS, IPS, etc.) and add exceptions to those.
-
Mode: IKE using PSK Gateway: (Cisco WAN IP); PSK: (***********); Local IKE ID: 4.78.*.* ; Remote IKE ID: (Cisco WAN IP) Encryption domain: Local: 192.168.200.0 /24 (LAN Zone); 192.168.203.0 /24 (SMA Zone) Remote: 10.0.0.0 /16 (LAN Zone) [* This should be in the VPN zone as it is used for a VPN *] Phase 1: Exchange: IKEv2;…
-
You never mentioned what firmware version you were using. At this point, if it were me, I'd upgrade to the latest firmware version, factory default the unit, and start over.
-
I hate repeating myself... Did you enable HTTPS filtering for your CFS profile? (Object \ Profile Objects \ Content Filter \ (Your profile) \ Advanced \ Enable HTTPS Content Filtering)
-
Cleanup for readability... Sonicwall Mode: IKE using PSK Gateway: (Cisco WAN IP); PSK: (***********); Local IKE ID: (IP1) [* What does IP1 mean / contain? *]; Remote IKE ID: (Cisco WAN IP) Encryption domain: Local: (Colo LANs) [* What does this address group contain and what Zone(s)? *]; Remote: (Office LAN) [* VPN zone I…
-
Post your sanitized VPN configs, otherwise were blind to help...
-
Have you seen this thread? https://community.sonicwall.com/technology-and-support/discussion/3340/ssl-vpn-netextender-timeout searching helps...
-
This is not unusual. Think about what is happening when you use tunnel-all mode, how your traffic is encapsulated to traverse the VPN, and how many connections are happening simultaneously.
-
Until you edit the Failover & LB settings, plugging in a secondary WAN interface won't affect your primary WAN connectivity.