Comments
-
Hello @SEBASTIAN, You can include 192.168.2.0/24 network to the existing VPN. As long as the firewall at location B knows how to reach it, it should be accessible via VPN too. Thanks!
-
Hello @Ninad94, Based on the screenshot, I see that the IP: 192.168.4.17 is sending a RST+ACK and most probably the subsequent packet might be getting dropped on the firewall. Since SonicWall is a stateful firewall, it makes a note of the TCP connection status. After a RST, the TCP connection is interrupted due to which…
-
Hello @samaj, The latest web posted firmware is 6.5.4.7-83n. Due to vulnerability CVE-2020-5135, it is recommended to upgrade to this version. You can read more about it on the link below. Also, you can boot with the current settings and that should not affect anything that you have configured at the moment. Please follow…
-
Yes, it should.
-
@mrshahin, 1) Since the access rule is restricted to the address group, changing the source to Any on the NAT will not allow all IP addresses. If allowed on the access rule, only then the NAT would be triggered. 2) I could not tell from the screenshot whether it is an address object or a group. If it is a group, then you…
-
Hello @SGTGMFJL, Thank you for bringing that to our attention. You are right X2 and X3 interfaces should be on separate IP schemes. This has been passed on to the KB team and the article has been updated. Thanks!
-
@mrshahin, Thank you for sharing the screenshots, that makes it simpler for me to explain. 1) Please change the original source field on the NAT policy to Any 2) Create an address group that contains both IPv4 and IPv6 allowed IP addresses 3) Use that newly created address group in the access rule's source field. Thanks!
-
@skunkworks, The primary and secondary devices are selected when purchased. So, if the primary device is being replaced, then all licensing info will be transferred from the older device to the replacement unit. If HA is still configured on this box, then it will just assume that the other unit is down and function as…
-
Hello @samaj, What message do you see when you access it from a Linux machine? Did this take place after some configuration change or firmware upgrade? Since you have access from Windows devices, could you please perform a packet capture and test while accessing from a Linux machine? Are the packets being dropped or…
-
@mrshahin, If it is an inbound NAT policy, you would only mention the original and translated destination addresses. As per your requirement, you would like to have this allowed for certain IPv4 and IPv6 addresses. I would suggest having one NAT policy, with the original and translated source as Any and original…
-
@Alberto, You are right, HF 1249-2n is not included in 6.5.4.7-83n, it is targeted for 6.5.4.8. I think you should inform the same to support and request for a HF based on 6.5.4.7 base line firmware. Thanks!
-
@mrshahin, 6 in TCP(6) stands for protocol number and is not dependent on whether it is being used in IPv4 or IPv6 packet. So, please do not confuse that with the IP version. Thanks!
-
@Espen, No problem. In your case it doesn't look like the tWebMain process. I hope those commands were run during the time of the issue. Anyway, it is best to be on 6.5.4.7 version. Please take all necessary backups before the firmware upgrade. I hope this fixes your problem. Thanks!
-
@Espen, The 6.5.4.7-83n was released just a few days ago, so please make sure you are on that version. I see something similar reported on 6.5.4.4 version. Also, I think the problem could be with tWebRdrctxx tasks. We would need the TSR, tracelogs taken during the hang to further analyze it. It would be best to have a…
-
Hello @Espen, Could you please let us know the firmware version of the firewall? Please make sure that you are on the latest version 6.5.4.7-83n. While you have access through SSH, kindly run the commands diag show cpu diag show process <name_of_process> With diag show cpu, it will show you the CPU utilization with the…