TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
The 'Default DNS settings' option pulls from the firewalls DNS settings set in Network \ DNS, which by default uses the configured WAN DNS servers. Glad that helped.
-
See my comment, the issues i described were specifically with Gen6 devices. Why does any company do anything?
-
I understand but will also warn you NSM does not always play nice with Gen6 devices. Start with a test setup before going full production.
-
The most sensible solution is to document what you know about the setup and leave it alone. If it's functioning as it should than why go through the hassle? Then during the next upgrade cycle correct the issue with the new units. If you have a very simple config than I could see wanting to do the switch, and I would follow…
-
The short answer would be yes. Unfortunately that does not seem feasible in your situation. Content filtering might help but you may run into the same issue.
-
Are you tunneling all traffic with SSLVPN? Does your SSLVPN client config allow access to the entire subnet, or at least to the DNS servers as well? Does the user account you are logging in as have access to the same subnet / servers? Don't use an ISP DNS server in the SSLVPN config, use only local DNS servers.
-
I have Digium and Sangoma PBXs (both Asterisk based) behind Sonicwalls (with local and remote phones) and have never had what you are describing. Long ago I had a Trixbox I maintained that was behind a Sonicwall as well. I do not create such broad rules as you have described in your first post, as ANY ANY ANY rules should…
-
You are correct by thinking you are not receiving the traffic for the other IPs due to them being complete idiots...sorry...the DHCP address not being assigned. You might give them the same MAC address for all IPs and see how that goes, or have them create a route pointing all your other IPs to your x.x.x.101 working…
-
Think about what you are enabling. You have a rule (screenshotted) that says Any traffic from Any IP address (Source) in the DMZ can go to Any IP address using Any service (Destination) in the WAN. Since you are not specifying a Source IP (Any) address in the rule, enabling the connection limit will apply to ANY (meaning…
-
I think another valid question is, what happens when the backend times out and the firewall is configured to block until a verdict? Is the file released anyway?
-
Thats your problem, your not limiting the access rules to only the traffic in question.
-
Come on guys, do a search once in a while... Looks like youd need to have Azure AD Directory Services, not just Azure AD.
-
Wireshark is a step beyond what you need to look at right now. In the Sonicwall packet monitor, select the VPN packet and look at the packet details. There are essentially 3 options for processing of a packet: consumed, forwarded, or dropped. The packet should be forwarded, if not you need to determine why.
-
Good job troubleshooting the first part. As the first comment mentioned start with a packet capture. Do this on the NSA4500, looking at what it is doing with the VPN traffic from the TZ270.
-
Two TZ570's we reportedly troublesome today, but I didn't deal with the issue directly. They were eventually rebooted by manual power cycle. Both are fully licensed with various security services enabled. Other 570's without security services didn't exhibit this behaviour. Also of note, the two that did are locally…