TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
There's always the possibility of issue with a rollback, but it seems like you have a simple config so you should be ok. I wouldn't filter the packet capture based on source IP, just destination IP and port.
-
I'll take a stab at this since no one else has... "We want to terminate our vlans in the Spine switch using VRRP. But also bring the vlans into Zones on the firewall for east west traffic control. Is this possible?" I don't believe the Sonicwall will like this. Anytime I've had VLANs terminated on a switch but also exist…
-
Look into Dynamic DNS services for your Cisco device. Then you can setup the tunnel on the Sonicwall based on the FQDN, not an IP address that will change.
-
You should be looking at your switch, not the Sonicwall, for authentication-based connectivity. Read up on 802.1X
-
Rebuild the config from scratch.
-
Are you running any of the security services on the Sonicwall? If so have you considered creating exceptions for the HTTP traffic required for Let'sEncrypt to properly renew?
-
"Most devices are secure upgrades from former Gen 6 models." Did you migrate the configuration as well or were your devices setup with a fresh configuration? I have multiple Gen7s on the latest firmware with no VPN issues (site to site or SSLVPN, i dont do L2TP)...
-
You have to consider what you are doing with the traffic as well as the 270 is the lowest of the low end. If you are utilizing any of the UTM features I can see how the performance is that degraded. It's not that it won't allow you to use VPN to traverse borders, it's that you have to know what you are doing with it.
-
Does the cellspot work when connected to a laptop (when said laptop is not connected to any other network)?
-
To answer your question. Yes it is possible.
-
You have also neglected to tell us the firmware version of the firewall.
-
Does the cellspot work connected to a laptop? What is the configuration of X7?
-
"There's a lot of things that should be done in microbusiness IT that aren't done because there's no way to get it done in a few hours per month." Less about having time to do it, more that the businesses do not see a need to get things done the right way. Societal problems are a discussion for another time...
-
You should be looking at the packet detail of the IKE negotiations on UDP 500, not at the dropped packet. We know why the packet was dropped (VPN tunnel not up). It is entirely possible the configuration on the other end is incorrect. I've had to fight others that their config was the problem. Best thing to do is get a…
-
You are asking a very loaded question. GAV, GAS, and IPS are only part of the UTM features. Are you using DPI-SSL for clients? If not you're missing at least half of internet traffic. Are you using GeoIP Filtering to prevent access to / from unneeded and questionable areas? Content filtering? Do you have traffic segregated…