shiprasahu93

Moderator

Comments

  • Hello @Darshil, Are you using tunnel all mode? Also, does this happen for all devices using Mobile Connect like Android and MAC? Thanks!
  • Hello @SEBASTIAN, I have seen it working successfully in tunnel interface mode with AWS and Azure as the remote end. It should work with other vendors. What vendor are you using on the remote end? Thanks!
  • Hello @Alberto, HFGEN6-1249-2n is related to reboot due to tFwAWSServiceAPI task. JIRA GEN6-1721 is actually a duplicate of the same issue. Thanks!
  • Hello @ittech99, I tried to test something similar. I get logs as 'TCP connection dropped' which is an event under Network -> TCP -> TCP Packets dropped. The notes tell that it is not allowed by a policy. You can change this to alert level for better visibility. By default it is on Inform. Sample log message: Log setting:…
  • Hello @Kerby, Welcome to the SonicWall community. If xx.xx.xx.02 is nat'd to 192.168.1.50 and the service 'Ping' is also allowed, then you can create a separate access rule as below to restrict the ping traffic from those specific source addresses. Source: Block of IPs to be allowed Destination: xx.xx.xx.02 Service: Ping…
  • @damien92, I don't think 9.0.274 will be compatible with the firmware version you are on. You can try 8.6.266 version and test. But, I would say the easier way to do this will be planning a maintenance window and upgrading the firmware instead. Thanks!
  • Hello @BraytonAssociates, Were there any configuration changes done recently? Are you testing this from a GVC or SSLVPN client? Also, are you able to ping the firewall IP once connected? Are you trying to reach the LAN network or some other routed network behind the firewall? Please take a look at the KB articles below…
  • @shultis, The purpose of the keep alive is to start the VPN negotiation. We want that on only one end so that the other end understands it is a responder and there is no problem in creating the keys. It is important to find out the reason using the packet capture to see why the traffic stops flowing. Are you seeing…
  • Hello @shultis, If the VPN itself is not dropping, I would suggest making sure that the lifetimes on both ends are matching correctly. Also, please make sure that Keep alive is enabled on only one end. If this issue re-occurs please perform a packet capture on both ends to see why the traffic isn't passing. Thanks!
  • Sure @Simon. @damien92, The firmware seems to be really old on the NSA 2600, please upgrade to 6.5.4.6-79n. The Nx version 7.5 is extremely old. What version have you set on the diag page? Could you please upgrade the firmware and let us know the version you see post that? My test firewall is on 6.5.4.6 and I get 9.0.276…
  • @Cesar, That's my bad. This is straightforward for other services like HTTP and RDP but it looks like it will not work for SMB. The syntax itself will not be accepted for SMB. You can use the dummy IP as before and use SMB itself as the original service. Additionally, please add the following static ARP entry so that the dummy…
  • @Cesar, You can try a Port address translation for the second server. Here are the changes. Choose a custom port that can be used from outside like TCP 4444. NAT policy: Original source: Any Translated source: Original Original destination: 10.10.3.141 Translated destination: Second Samba server Original service: TCP 4444…
  • Hello @Cesar, Welcome to the SonicWall community. So, you have a private address on the X1 interface and would like to use X1 IP to reach the internal Samba server with IP: 10.20.3.110. First of all I would suggest creating an inbound NAT policy and WAN to LAN access rule as below for the X1 IP instead of the dummy address…
  • No problem. Have a good one!
  • Hello @yda, We had this looked up with our engineering team already on ID: GEN6-1668. Ripple 20 affects the Treck TCP/IP stack. SonicOS does not include that and hence this vulnerability does not affect SonicWall devices. I hope that helps. Thanks!