Comments
-
@Nat, The SM devices have 6.5.1.12 as the latest firmware as of now. We have introduced a lot of new features and fixes for other models post 6.5.1.X. So, the other firewall models should be upgraded to 6.5.4.7-83n. Thanks!
-
That's my bad. GEN6-1268 is for a DPI SSL issue. But CVE-2020-5135 is addressed on 6.5.4.7-83n version. I apologize for the confusion.
-
Hello @Nat, The vulnerability CVE-2020-5135 is present on all firmware versions 6.5.4.4 and earlier. It is fixed on 6.5.4.7-83n firmware version. It would be best to upgrade all firewalls to 6.5.4.7 version. Thanks!
-
Hello @Alberto, This was reported on issue ID GEN6-1268 and it is fixed on the latest firmware version 6.5.4.7. Please make sure that you are running on this firmware version. Thanks!
-
Hello @JeffW, Could you please make sure that the necessary route policies for AWS VPN are in place? If yes, kindly reach out to our support team for real-time troubleshooting. Thanks!
-
Hello @Manishkct, Yes, this looks absolutely correct. When you need to access 172.16.0.1/32 from 192.168.1.1 and 192.168.1.2/32 IP addresses, you can just enter the IP 10.16.0.1 and that should do it. The configuration looks correct. Thanks!
-
Great! Glad that it is working correctly.
-
Hello @TomChou, There are a few minor changes, but it should still have that option. I checked on a TZ 670 and can see the following What device model and firmware are you on? Thanks!
-
Hello @TomChou, Yes, we do have the diag page on Gen 7 devices as well. You can visit that by going to the following link - https://<mgmt-ip>/sonicui/7/m/mgmt/settings/diag Please substitute the IP address of the firewall instead of <mgmt-ip> to get there. I hope this helps! Thanks!
-
@JesperB, I have a firewall on 6.5.4.7 and can see the option 'Enable Compression Control Protocol(CCP) for SSL VPN Connections' available. This needs to be in enabled state for the Mobile Connect to work right from Android/ Chromebooks. Thanks!
-
@Manishkct, You can use the IPs like 192.168.2.10, 192.168.2.20 instead of 192.168.1.10, 192.168.1.20 respectively in the VPN tunnel that you set up on this end. On the remote side, 192.168.2.10, 192.168.2.20 would need to be translated back to 192.168.1.10, 192.168.1.20 respectively. So, when you need to access…
-
@Manishkct, In that case, I would suggest using NAT over VPN. Even if you use the tunnel mode, the remote networks will be specified on the route policy and the firewall will be confused on which VPN to use for that destination network. Please take a look at the KB articles below I hope this helps. Thanks!
-
Hello @Manishkct, Welcome to SonicWall community. Unfortunately, we cannot do it like that. When we use tunnel mode, the proposals are changed such that the network info is not recorded or sent in the VPN proposals. If the other end is configured in site to site mode, it will need to match the network proposals to bring up…
-
Hello @Ajishlal, I just received confirmation from the IPS/GAV team that the following signatures in GAV should be able to block Kraken fileless attack. GAV: Kraken.RSM_5 (Trojan) GAV: KrakenCrypt.RSM_2 (Trojan) GAV: Kraken.RSM_2 (Trojan) GAV: Kraken_2 (Trojan) Thanks!
-
@Ajishlal, Yes, exactly. Me too. I have written to the concerned team to get confirmation on the same. I will let you know. Thanks!