Comments
-
@FrankGoos, The rules look absolutely correct. We would need to check why the connection is not successful. I would suggest reaching out to SonicWall support so that we can perform some real-time troubleshooting to figure out the problem. Thanks!
-
@FrankGoos, In that case, please check the LAN to WAN access rule and make sure that port 4013 is allowed. Also, it would be best to perform a packet capture on that port to see what could be the problem. Thanks!
-
Hello @FrankGoos, Welcome to SonicWall community. Are you trying to reach a remote server that is connected to the TZ 500 from a PC on the internet or the other way around? The NAT policy is only required if you are trying to reach the server present behind the firewall from outside. All traffic from LAN to WAN allowed by…
-
Hello @jrittenh, Welcome to SonicWall community. On the TZ 500, if you are running 6.5 firmware, we have moved to HTML5 based bookmarks for which printer redirection etc was removed. This has been already reported to engineering team and tracked on RFE ID: 1090. It has already been approved by the PM and Dev team. Feel…
-
@GuacIsExtra, Your configuration on the firewall looks absolutely correct. On the SonicWall side, we are now proactively trying to broadcast our system ARPs to the upstream device. I would suggest reaching out to the ISP and having them configure a static ARP to bind the usable IP with the X1 interface MAC. That should…
-
@GuacIsExtra, Welcome to SonicWall community. Have you configured the port forwarding for one of the usable IP addresses from WAN interface and not the interface IP itself? I have seen certain situations where the upstream device does not send us the packets on the usable IP due to lost ARP entry for the usable address.…
-
@DorsetTech, This is actually an optional field. You can edit that from the X0 interface itself. Thanks!
-
@DorsetTech, If you have monitoring IP address set for the HA pair, I would suggest disabling monitoring and then changing the interface address otherwise it throws an error. Yes, the IP address on the interface itself is the virtual address and will always take you to the active unit. The monitoring IP addresses are…
-
Hello @DorsetTech, If you are going to be on site, then you can directly connect to the MGMT port. Please assign a static IP on the computer that you would be connecting on MGMT port on the subnet 192.168.1.x. Also, this can be connected using a normal Ethernet cable, no crossover cable required. The IP address on the MGMT…
-
Hello @DorsetTech, With all NSA devices, we have a MGMT port, which is by default on 192.168.1.254 address. If you are making IP address related changes, it would be best to have yourself connected to this port so that you do not lose access while making changes on other interfaces. Are you going to do this remotely? If…
-
Hello @Sandeep, I would suggest reaching out to support and obtaining the GEN6-1285 HF for your firewall model and upgrading to that. We have several other improvements related to DPI SSL on 6.5.4.6. So, honestly 6.5.4.5-53n will not be an ideal choice at this point of time. Thanks!
-
@Darshil, Yes, it should affect only local resource access though. But, I mentioned this some time ago. Please contact support team and get the HF for the firewall model and you can then enable 'Compression Control Protocol(CCP)' for SSLVPN connection, and that should take care of this. Thanks!
-
@Darshil, I would say, it would be best reaching out to support on this one. With firmware 6.5.4.6 we had issue ID: GEN6-1285 reported for unable to access resources with mobile connect from Android devices. With the HF, you would be able to enable 'Compression Control Protocol(CCP)' for SSLVPN connection, and that had…
-
@Darshil, Is the local resource access working after successful connection? I could not find anything like this reported on my end. Thanks!
-
Hello @Sandeep, Yes, you can directly upgrade to 6.5.4.6-79n from 6.5.3.3. Please hold off if you have: 1) Dell X series switch attached to this firewall 2) Android Mobile Connect users - Cannot access LAN resources after connection You might need to contact support and request for the necessary HF in that case. Otherwise,…