TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
Firewall credentials are stored on the unit so you wouldn't be able to change them via mysonicwall.com. If the device had been setup with RADIUS or other authentication for management you might be able to get in that way. Otherwise you'd have to factory default the unit. It's time to upgrade anyway, TZ105 support ended…
-
I do not recommend importing configurations between different models or firmwares, no matter what Sonicwall says is supported! I have always been bitten by weird things like you've mentioned, opened tickets, only to have support say 'factory default the unit, and manually reconfigure it'.
-
You can deny traffic to/from websites via an access rule. You can create an Address Object for the FQDN/IP address that you want blocked. Then create a deny access rule with the destination of the appropriate address object. Be sure the deny rules priority is before any allows in the table. It seems like that is what…
-
Run a packet capture while generating traffic to/from the website...
-
Try a different web browser and open a support case. If you do not have a valid support license than I would suggest factory defaulting the unit and rebuilding from scratch.
-
Since you are not an administrator of the Sonicwall you will need to ask the person that is to make the changes. The NetExtender client pulls its configuration from the Sonicwall device you are connecting to.
-
So what firewall hardware and firmware version are you using? Did you try an updated version of NetExtender? I recommend 8.6.266 or greater. The version mentioned in the article (8.6.265 ) was problematic as well.
-
You havent provided enough information. Is the IP address being 'scanned' the one used by the Sonicwalls WAN interface? Do you have HTTP or HTTPS management enabled on the interface? If so, are you not limiting access to the management interface via its Access Rule? Do you have SSLVPN running on port 443? What firmware…
-
Read the release notes of newer firmware versions for the TZ400 and NetExtender. There's a section of fixed issues, known issues, security fixes, etc. Or you can check https://psirt.global.sonicwall.com/vuln-list Hope that helps.
-
does netextender work without TOTP enabled? what are the logs telling you?
-
ISPs giving out described 'Public LAN' IPs are just causing people confusion. What your ISP is giving you are extra publicly routable WAN IPs that you can use for NAT-ing. For example: The ISP gave me a single IP in a block to assign to my WAN interface IP: 101.202.303.62 MASK: 255.255.255.252 GW: 101.202.303.61 The ISP…
-
have you tried the above? or below? hope that helps
-
Given the limited information provided, it seems these are SNMP logs you are showing us. The PDF linked above has a reference to the entry you are questioning. Above shows a table of maximum NAT policies, but that doesn't seem to be what the log is referencing. I could not find any reference to a 'maximum dynamic NAT…
-
I'm not sure if this applies, but it might help. If you can generate a CSV or TSV of the IPs, and convert it to the required format it'd probably save you some time.
-
it is quite detrimental when one is asking a question or giving an answer.