Comments
-
This is an RST packet sent from the internal host and since SonicWall is a stateful firewall, this packet is getting dropped on the firewall which is expected as RST packet terminates the TCP connection. I think it would be best to reach out to our support team for further help on this. This definitely needs some real-time…
-
For example, if the WAN IP is 1.1.1.1 and the secondary subnet is 2.2.2.1-2.2.2.6, you can use one of the IPs, e.g. 2.2.2.1, from the secondary subnet for static ARP and use that entire secondary subnet in the route. Thanks!
-
@Kiritharan I would suggest using NSv trial for this. While taking the course, the trainer would provide you access to the lab device for practical sessions. For self study, you can use NSv trial. Thanks!
-
I would suggest doing a packet capture to figure out what could be the issue. https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/ You can use the source IP as the test machine that you are testing with. Thanks!
-
Hello @Arkafigs, Welcome to SonicWall community. Could you please try the suggestions given in the KB below? https://www.sonicwall.com/support/knowledge-base/unable-to-access-certain-websites-either-slow-or-completely-failing/170505518651695/ Thanks!
-
The IP addresses that need to be added as aliases: are they on the same subnet as your existing WAN IP, or do they belong to a totally different subnet? If they are from the same subnet, then you can do a packet capture and see if the traffic is even reaching the SonicWall. The KB is useful when a different subnet is used. Thanks!
-
Hello, Along with the NAT and access rules, could you please add a static ARP and route for those additional IP addresses as per this KB below and then test it out? https://www.sonicwall.com/support/knowledge-base/configuring-multiple-wan-subnets-using-static-arp-with-sonicos-enhanced/170503911164326/ Thanks!
-
@SWmeomy3r, AGSS license includes all the security services like CFS, GAV, IPS, Anti-Spyware, Capture ATP. So, if this license expires, the internet access, etc. would continue to work but no security checks will be performed by the firewall. This is going to make the TZ 300 act like a normal router and not a firewall. What…
-
@Naga, You can either configure GVC or SSLVPN for this. If you are using Windows end clients, you can go with GVC. For Mobile devices and phones, SSLVPN can be used. SSLVPN is supported on Windows as well. Please take a look at the KB articles below. Thanks!
-
Tagging @Micah. He should be able to get answers for you. Thanks!
-
Hello @lemansgt, Are you trying to set up GVC, SSLVPN, or a site-to-site VPN? There are KB articles available for each of those settings. You can use the link and search for the required KB. Thanks!
-
@Darshil, My bad, I misunderstood. HTTPS connections going through the firewall can be either seen under the connection logs or on the DPI SSL section as mentioned by @BWC. It depends on whether DPI SSL is in use or not. Destination port 443 can be used to filter the connection logs and you should be able to export that…
-
@FFG, Was the server rebooted after the policy change? If possible, please test once after a reboot to apply the new policy. Thanks!
-
Hello @Darshil, You can see the current active users and SSLVPN sessions from the GUI, as below: Unfortunately, there is no way to export the data from this page. If you have CLI access, you can use the command "show user status" and get the result. Also, Full DPI/Gateway AV/Anti-Spyware/IPS throughput is measured using…
-
@Euclidnet, I think the best way to check would be by doing a capture for UDP 500, 4500 on the firewall and see if it is making it through to the remote firewall. Thanks!