Comments
-
Hello @Rinconmike, Most of the banking applications use certificate pinning. Since DPI SSL is like man in the middle, it might not be able to scan such applications for security reasons. So, the application is programmed to look at the certificate designed for it and not the store where you are installing the DPI SSL…
-
@Alberto, Instead of just ubuntu.com, I would suggest using *.ubuntu.com as below:
    address-object fqdn Ubuntu domain *.ubuntu.com zone WAN
This will include all subdomains of ubuntu. Thanks!
-
Perfect! You can similarly add all address objects, group them and then use in the access rule. Thanks!
-
Hello @Alberto, From CLI, you can use the syntax:
    address-object fqdn <Name_of_the_object> domain <Name_of_the_domain> zone WAN
    commit
E.g.:
    address-object fqdn Test domain www.google.com zone WAN
Thanks!
-
@Nick, Could you please share a screenshot of the same? As per the NAT that you have added, X3 IP should be translated to X0 management IP, so that should not take place. Also, do you see any other NAT policy created that translates X3 IP to X1 IP instead? Thanks!
-
So, when you ping 2.2.2.2 IP from LAN, there is no response? Or you see the response back from 1.1.1.1? Which one of the two WANs is the primary WAN connection? Thanks!
-
Hello @Rinconmike, Please take a look at the KB below. It lists various methods of distributing the DPI SSL certificate. This will help you across multiple client types and browsers. I hope this helps! Thanks!
-
Hello @Nick, I needed some more data from you. What do you mean by 'When I ping X1 and X3 from LAN, that all responds X3 WAN IP…'? Also, are you trying to ping the IP addresses configured on X1 and X3 or some other usable IP from those subnets? Can you perform a packet capture on the firewall, while you perform the ping…
-
Hello @Johnf, Gen 7 devices have several hardware and firmware improvements. The SonicOS 7.0 is Linux based which provides several advantages. If we look at the security features like GAV, IPS, Anti Spyware etc, they are all cloud based signature updates and are identical. But, features like DPI SSL, TLS 1.3 support etc…
-
@kboyle, I would suggest looking at the RBL filter. That feature checks for blacklisted SMTP servers. It might be causing the interruptions that you see. https://www.sonicwall.com/support/knowledge-base/configuring-smtp-real-time-black-list-rbl-filtering-on-the-sonicwall/170505557998744/ Also, you might need to check the…
-
Hello @Johnf, The TZ 570 is one of the latest Gen 7 TZ products with better performance and added features that runs on SonicOS 7.0. You can definitely export the settings from the TZ 400 and import to this TZ 570. Please take a look at this support matrix table for firmware compatibility. Thanks!
-
@Larry, A quick fix will be excluding the concerned IP addresses from GAV. Once you do that, if you get the actual file, kindly report on this link, or you can call support to help you through that process. Thanks!
-
Hello @kboyle, Welcome to the SonicWall community. I would suggest adding an access rule as per the right zones and disabling DPI on it, so that it can be bypassed from all security checks. Please take a look at this KB: Thanks!
-
Hello @Alberto, You can either perform these tasks via CLI or SonicOS API. Please take a look at the following KBs. Once the objects/groups are added, the access rule is a single-step process. Most of the services are built-in; you can manually add any custom ones. I hope this helps! Thanks!
-
Yes, you can certainly try that. Please verify the MTU across the MPLS connection, that might be causing such issues too. Thanks!





















