TKWITS Community Legend ✭✭✭✭✭
-
Have you followed the KB here: https://www.sonicwall.com/support/knowledge-base/how-to-decrypt-https-traffic-using-dpi-ssl/170505885674291/ Have you read this KB: https://www.sonicwall.com/support/knowledge-base/client-dpi-ssl-frequently-asked-questions-faq/170505782716496/ Did you enable HTTPS filtering for your CFS…
-
Under SSLVPN Server Settings is the default inactivity timeout. There are also user-specific timeout settings in Users \ Settings \ User Sessions.
-
As with all Gen7 devices, upgrade to the latest firmware. If you do not have DPI-SSL enabled then Content Filtering won't catch 80% of web traffic.
-
"Someone needs to tell SonicWALL they may want to change the firmware on the TZ models that ships in the box. This is the first time I had to deal with this nonsense. It's poor QC and programming." Those of us that have been Gen7 from the beginning feel your pain... and we have been scolding Sonicwall ever since.
-
Upgrade to latest firmware, factory default, and start over.
-
None of that explained what I was inquiring about since it was pretty much a regurgitation of your original post... Sonicwalls expect X1 to be connected to an internet circuit with a public IP address and public DNS connectivity (or at the very least X1 has connectivity to the internet via double NAT, static routing,…
-
Did you not set a DNS server on the TZ's X1 interface? If not, why not? If so, you have to determine why it's not receiving a DNS response. You never explained how the internet is connected to your setup. I am guessing it is on the NSA's X1 interface, and you are simply using the TZ's as routers. @MitatOnge's answer may…
-
@preston has the right response: an nslookup (or dig) of these domains does not return a response, so the log is just informing you of this. There is no fix; this is by design of the owners.
-
Don't forget, if you're using Gen7 with the latest firmware, it's a known bug that wildcard FQDNs don't resolve properly without a www address object created for the domain as well. Considering Bosch is fairly large they might be using a CDN or DDoS prevention service. I'd capture some packets while browsing the site to see where…
-
Let me search for you... /quiet, /q, or /qn perform silent installations for MSI files. Reference: https://www.silentinstall.org/msiexec/
-
It's best practice not to use your internal domain name as the SSLVPN User Domain (I'm pretty sure even the KB article says this). Don't use the Self-signed certificate for SSLVPN. Purchase one from a trusted CA to use for this (it can be a wildcard cert). Geo-IP filtering DOES apply to inbound connections to the SSLVPN…
-
You need to obtain more information on both the SIP provider and the PBX... They have installation / 'turn up' guides for a reason. Read up on how your PBX handles RTP traffic (if it keeps RTP sessions active between itself and the phone, or if the phone handles all the RTP traffic after the initial setup). Unless your SIP…
-
The latest firmware release notes have a known issue about wildcard FQDN objects not being resolved properly and the workaround is to also add a www address object for the domain in question. This is probably what you were originally running into. I also ran into it.
-
In the GEOIP Countries page there is the Exclusions section. I use the 'Default GEOIP and BOTNET Exclusions Group' as the exclusion object, then added FQDNs and IPs to the group as needed. Not sure if there was something else you were looking for.
-
Wow, massive oversight on my part. Ugh, it's Friday and has been a long week...