TKWITS Community Legend ✭✭✭✭✭
Comments
-
I'm not gonna argue with you, but this is what you are doing. NAT-ing traffic over a VPN. Just because the article is using private IPs doesn't mean the underlying information is wrong. Anyways... if you are not even seeing IKE/ISAKMP traffic to/from their peer then something else is up. Doesn't matter what model Cisco they…
-
Have you looked at this?
-
How did you solve your problem? It helps to post for others to see. You cannot create an address object with all zeros even if you didn't have that IP Helper policy. There are other address objects that fulfill that need (e.g. 'Any', 'WAN Remote Access'). The reason that policy exists is because you have enabled 'Windows…
-
Routing decisions happen before NAT. See the flow chart published here: What routes are advertised over your VPN tunnel interface? I suspect your route statement is part of the issue. Why do you have so many devices?
-
It's pretty simple. Gen 6s are very mature products (Sonic OS 6.5) running on a very mature OS (VxWorks) and hardware (Cavium/Marvell Octeon MIPS64 CPU). Gen 7s are very immature products (Sonic OS 7.0) running on a very mature OS (Linux) and who knows what hardware (no one has published this info, I suspect ARM64 though).…
-
Can you provide us with more information? What is your X0 IP and subnet? Is the POS server behind the firewall or located elsewhere?
-
In my experience, yes, the users would need to re-register a new MFA. The SonicWall considers it a different account. I have never tried having the same username between a local account and LDAP though, that might be a test to try if you want to avoid an MFA change.
-
Have you even opened a ticket with support?
-
In my opinion that description is cut and paste from a bandwidth graph description. Clearly the graph is showing the number of EVENTS logged by country. Not the volume of traffic...
-
What part of the graph is showing you bandwidth?
-
So you said "IPSec SSL VPN" which isn't a thing. An IPSec VPN tunnel between locations and SSL VPN for remote client access are two different things. Are you running the latest firmware version (or at least 7.0.1-1456)? Have you tried replicating the results using NMap? https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html…
-
Can you provide a screenshot or log line?
-
Again, you haven't given us much information. Provide a diagram or more detailed description of your setup, otherwise no one will be able to help.
-
You have a touchy situation, and I am all for freedom of information. From a technical standpoint, have you tried utilizing other features of the device such as content filtering, GEO-IP filtering, or even just blocking ports on the firewall? Most VPN services use a combination of TCP 443, TCP 1194 and/or UDP 1194 (and…
-
DPI-SSL requires the installation of a certificate on client devices, otherwise it won't work. Have you read this thread? https://community.sonicwall.com/technology-and-support/discussion/comment/7716