Comments
-
Hello @BWC, I am checking internally on this one. I will keep you posted. Thanks!
-
Hello @RhuanBarreto, Welcome to SonicWall community. Please make sure that WANGroup VPN is configured as per the KB below Also, for route all traffic, we need 'This Gateway Only' option selected under client settings along with 'set default route as this gateway' check box enabled. The users connecting should have…
-
Hello @Michal, The SonicWall blocked page will show up for all HTTP websites. For seeing the blocked page on HTTPS websites, client DPI SSL needs to be enabled. I see that open.fm is a HTTPS website, that's why without DPI SSL silent block takes place. Also, if you are seeing DNS related errors, most probably it is getting…
-
Hello @Auer, Welcome to SonicWall community. When you use the bound to option on the interface, automatic failover to other interfaces will not take place. Please try the following procedure. 1) Bind the VPN to zone WAN 2) On the remote end use X7 IP as the primary peer address and X1 as the secondary peer address 3) Make…
-
Hello @Rudolf, We have security services like GAV, IPS and Anti-Spyware. All 3 of them are signature driven. We need to be very specific as to what we are looking at. Usually most of the Intrusions are incoming which means they are inbound connections to the firewall. But, that is not always the case. But, one thing is for…
-
Well, I can certainly tell how to test the internet connectivity through a specific port of the firewall but without help from Comcast, there are a lot of unknown factors at play here. Is there no way to get more info from Comcast to help us plan this better? Thanks!
-
Hello @mmontanaro, Yes, I would suggest to connect that device on X2 and then create a static route to send traffic to the internet from a test machine. If the test machine works fine, we know that the failover device is working correctly. Thanks!
-
Hello @Honcoop, With App control turned ON, please try the application and check for the logs. May be some generic signature like Encrypted key exchange or something else could be blocking the traffic. Thanks!
-
yes, perfect!
-
Yes, that looks correct. I think UDP 5349 is missing though.
-
😀 Oh, that is definitely incorrect. Sorry, I totally missed that. It should be 65535. Please check with them. It could be some other number for maximum limit. Thanks!
-
Hello @Alberto , It looks like ports TCP/UDP 3478 and 5349 as well as UDP 65000 to 65599 is also to be forwarded. You can create a service object and mention the port range as per the requirement. The service group can then have all the services needed. Thanks!
-
@Rudolf, Welcome to SonicWall community. You are right. The Intrusions are signature driven and usually triggered when some type of intrusion action is attempted. So, all three points look right. Thanks1
-
Hello @Ninad94, Usually seen this error if you are licensed for syslog based Analytics and you have installed flow based. Please verify the same. Thanks!
-
Hello @MikeCM, The only reason that the SonicWall might be trying to send the traffic on WAN and not through the VPN is when a SA is not formed between the source and destination address. Please check if the source IP from which the traffic is coming to the TZ 300 and the DNS server itself are both part of the networks…