TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
If you found a previous firmware performed better you can downgrade back to it. Mind you will lose some of the features and fixes of the newer version. Have you tried any troubleshooting procedures including driver / NetExtender updates?
-
There is a 'Secure Upgrade' program which will allow you to purchase a newer firewall and transfer the old licenses to the new one. AS long as you have control over the existing unit's registration that would be your best option.
-
What is Charles Proxy? Did you fail to mention you have a proxy server in your environment that could be causing the issue?
-
In your second attachment, shows XXXXX.net/Users. That is the default domain user OU and contains the forest administrator account.
-
Unless you are changing client configuration on the device side, the older versions should still connect. There is also an option to force a client update in the device client configuraiton.
-
Your server should be handing out DHCP, with it as the specified DNS server.
-
Your configuration shows you are using the entirety of the domains default Users OU for LDAP authentication. That is a bad idea for reasons I do not want to get into here. The way I do LDAP authentication for VPN (of any sort) WITHOUT specifying users locally on the firewall is to use a non-default OU that contains VPN…
-
Sounds like you want to use a failover configuration. Here's an old link (but still relevant). Let us know if you need more guidance. http://help.sonicwall.com/help/sw/eng/9410/26/2/3/content/Network_WAN_Failover.032.2.htm
-
So Im going to poke this thread because I am experiencing (and have in the past experienced) weird issues with firewalls and throughput. I have a ticket open but since I have only recieved half hearted responses I will share here. ISP rated line speeds: 200 Mbps ingress, 10 Mbps egress Previous firewall was NSA2600, ran…
-
"it's about having this kind of stuff in the field and the vendor does not seem to give a bit" Even if you are forced to work with said vendor YOU can put processes and policies in place to limit the impact it will have to you. Sometimes you have to force others peoples hand by locking things down and making them realize…
-
What a delightfully loaded question! First, define harmful. Who is receiving the harm? Does harm include risk? Is it OK from technical or legal liability standpoint? NIST's CSF and plenty of other security frameworks would help you decide. Really it sounds like you want advice if you should take the project / client. Say…
-
What are you using LDAP for? What do you mean it 'is not limited to the Security group'? Are you saying that any user with LDAP credentials can login to the unit / GVPN / SSLVPN? In the firewall LDAP configuration \ Settings \ Server \ Directory, you can limit the OUs that contain user accounts and user groups. Is this…
-
I do not have an SMA, but you can control MFA via the user group or individual user account settings on a firewall. MFA does not require additional licensing. Hope that helps.
-
What version of NetExtender / GlobalVPN client are you using? Have you tried other versions along with Chojin's suggestions?
-
You cannot change this per user, it is a global setting. What you can do is setup SSLVPN without split tunneling and test with your user that way. SSLVPN is easier to manage overall.