Comments

• While NSM is appealing at first, it is still very immature. Don't use zero-touch + NSM just yet. I've had instances where firewalls would reboot themselves just by browsing around their configuration in NSM. I received hotfix from support, but that only worked on one device. I've had instances where a setting change in NSM…

  in How does a Firewall with NSM Recover if Internet Connection is Lost? Comment by TKWITS March 2021
• Even basic networking is complex, so don't fret if you don't understand it all immediately. That article is providing steps to take to help you identify the traffic that the Sonicwall believes is a flood and is logging as such. That article will not provide you an answer, you have to determine the answer yourself. That…

  in FIN FLOOD Comment by TKWITS March 2021
• See here for throughput information on older models. I would not expect TZ100s to get beyond 40Mbps with DPI enabled.

  in Having a WAN through-put issue with my old TZ100 Comment by TKWITS March 2021
• I believe this is happening as I too have looked for old threads and they are now gone.

  in Threads getting purged? Comment by TKWITS March 2021
• @Saravanan Can we get an updated packet flow diagram with CATP and other security services shown? Thanks.

  in What is first? APP rules or ACLs? Comment by TKWITS March 2021
• Saravanan is trying to have you use the tools available to you to troubleshoot the issue. It sounds to me like you have a routing issue. Your core switch does not know where to send traffic to get to the internet, and your firewall does not know where to send traffic to get to the 'application'. What is the routing table…

  in Routed mode as well nat Comment by TKWITS March 2021
• Are you able to ping the IP address of the X0 interface when you connect to it directly? If yes, are you positive HTTP/S management is enabled on that interface? If not, are you positive that is the IP address you assigned to it? Do you have HTTP/S or SSH management enabled on any other interface? If you do you can login…

  in Connect to my Sonicwall on X0 interface Comment by TKWITS March 2021
• I do not recommend importing configs between different models and OS versions. I have been bitten too many times. Do it at your own risk.

  in Upgrade - TZ210 to TZ4nn Comment by TKWITS March 2021
• @Saravanan so in the publish diagram, does 'content scans' encompass all of the security services scanning including Capture ATP?

  in What is first? APP rules or ACLs? Comment by TKWITS March 2021
• This question has been asked multiple times, and there are multiple ways to accomplish what you want. Sonicwall cannot and will not guide you past setup of their equipment. You have to be able to troubleshoot issues. Think about where the disconnect is. You are able to connect to the wireless network, obtain an IP address,…

  in Sonicwall and Windows Server network Comment by TKWITS March 2021
• It would be nice to see where the security services get involved in the processing of a packet. Other vendors provide diagrams of this information.

  in What is first? APP rules or ACLs? Comment by TKWITS March 2021
• This would be needed if you did NOT want your mail server to use the same public IP address as the one assigned to the firewalls WAN interface. Creating the shown rule forces the mail servers traffic to be translated to the 'WEBMAIL PUBLIC' address object value. Read up on NAT.

  in Unnecessary NAT rule? Comment by TKWITS March 2021
• For clarification, are you trying to block the facebook or instagram apps on a smartphone, or are you trying to block the websites?

  in APP CONTROL Comment by TKWITS February 2021
• https://en.wikipedia.org/wiki/Client%E2%80%93server_model In this instance yes. Read up on the client-server model.

  in FIN FLOOD Comment by TKWITS February 2021
• The server is waiting for the client to close the connection. The Sonicwall identified the packets as a possible flood. Read up on TCP handshaking.

  in FIN FLOOD Comment by TKWITS February 2021
More Comments