Best Of
Re: Failover & LB --> RoundRobin vs Ratio
It barely makes any difference which forum you put it in because the software and configuration options are almost identical from TZ270 to SM9700 [or whatever the biggest one is]. So TBH, the problem here is that the forums are split by subjective firewall size rather than what task you are trying to achieve!
I assume you mean source/destination binding. I always enable this and think it should be the default. Some websites and applications get confused and annoyed when you log in and then randomly change what IP address you are coming from. It does reduce the maximum theoretical effectiveness of the F&LB.
The difference between round-robin and equal ratio balancing is that round-robin always puts each flow down each connection in turn, and with ratio balancing the firewall is tracking how much bandwidth is in use on each interface at a time, in order to try and achieve the ratio you specify.
Nowhere in the documentation does it say how asymmetric WANs are handled. The F&LB settings screen makes no reference to the configured interface bandwidths, so that suggests to me that it doesn't.
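The two balancing modes described in this reply, simulated as an added example (not code from the thread or from SonicWall). Interface names X1/X2, the flows and the 3:1 weighting are constructed; the simulation also counts cumulative bytes per WAN instead of live bandwidth, which is a simplification of what the firewall tracks. It shows both the effect of source/destination binding and why a few large flows can pull a ratio policy away from its target.

```python
from itertools import cycle

# Constructed sample flows (not from the thread): (source IP, destination IP, bytes carried).
# 10.0.0.5 -> 203.0.113.10 repeats, like one user opening several connections to one site.
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 1000),
    ("10.0.0.5", "203.0.113.10", 9000),
    ("10.0.0.6", "198.51.100.20", 500),
    ("10.0.0.7", "198.51.100.20", 500),
    ("10.0.0.5", "203.0.113.10", 4000),
    ("10.0.0.8", "192.0.2.30", 2000),
]
WANS = ["X1", "X2"]  # assumed WAN interface names


def round_robin(flows, wans, binding=True):
    """Hand each new flow to the next WAN in turn.

    With source/destination binding, a (src, dst) pair that has already been
    placed keeps its WAN, so the remote site keeps seeing one public address.
    """
    next_wan = cycle(wans)
    bound = {}
    placement = []
    for src, dst, _ in flows:
        key = (src, dst)
        if binding and key in bound:
            wan = bound[key]
        else:
            wan = next(next_wan)
            bound[key] = wan
        placement.append(wan)
    return placement


def ratio(flows, wans, weights, binding=True):
    """Place each new flow on the WAN furthest below its target share.

    `weights` is the ratio the admin configures (e.g. {"X1": 3, "X2": 1}).
    Simplification: load is the running byte count rather than live bandwidth.
    """
    used = {w: 0 for w in wans}
    bound = {}
    placement = []
    for src, dst, nbytes in flows:
        key = (src, dst)
        if binding and key in bound:
            wan = bound[key]
        else:
            # Lowest load per unit of weight wins; ties go to the first WAN listed.
            wan = min(wans, key=lambda w: used[w] / weights[w])
            bound[key] = wan
        used[wan] += nbytes
        placement.append(wan)
    return placement


def bytes_per_wan(flows, placement, wans):
    """Total bytes that ended up on each WAN for a given placement."""
    totals = {w: 0 for w in wans}
    for (_, _, nbytes), wan in zip(flows, placement):
        totals[wan] += nbytes
    return totals


if __name__ == "__main__":
    for name, placement in [
        ("round-robin, bound", round_robin(FLOWS, WANS)),
        ("round-robin, unbound", round_robin(FLOWS, WANS, binding=False)),
        ("ratio 1:1, bound", ratio(FLOWS, WANS, {"X1": 1, "X2": 1})),
        ("ratio 3:1, unbound", ratio(FLOWS, WANS, {"X1": 3, "X2": 1}, binding=False)),
    ]:
        print(f"{name:22} {placement} {bytes_per_wan(FLOWS, placement, WANS)}")
```

With binding on, the repeated 10.0.0.5 flows all stay on the WAN the first one landed on, which is exactly the loss of theoretical balance the reply mentions; with a 3:1 ratio and binding off, the single 9000-byte flow on X2 leaves the split near 1:1 for this short sample.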
Re: TZ-370W transmitting unsolicited messages from WAN
The firewall by design will talk to the internet for its internal services; it's not unsolicited, it's required by the appliance:
License management
Internal DNS
Timesync
Security services
etc.
To monitor these, use Monitor/Tools and Monitors/Packet Monitor/Advanced Monitor Filter:
Enable this to include firewall generated packets in the capture. NOTE: This is needed if firewall generated packets need to be captured even if other capture filters fail to match. This includes packets generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, routing, etc. These are marked with (s) in the incoming interface section of the captured packets list window if coming from the system stack; otherwise the incoming interface is not specified.
Re: Sonicwall TZ400 to UDM Pro site-to-site disconnects
Try changing the P1 and P2 lifetime timers - try 3600 (1 hour) on P1 and 288000 so they don't collide.
When there is a mismatch, the most common result is that the VPN stops functioning when one site's lifetime expires. The tunnel does not completely rebuild until either the site with an expired lifetime attempts to rebuild, or the longer lifetime fully expires.
Re: TZ300 vs TZ370 firewall rules in general
Zones are apparently based on trust.
Zones are groups of interfaces. The "trust level" is a shorthand for, "by default, should traffic from here to there be allowed or not?". You can tweak the default rules to taste.
What good is that model if one of your trusted machines is compromised?
How the firewall is managed won't make any difference to defending internal machines from each other - traffic to and from the same network will not pass through the firewall, so it cannot act on it. This does not invalidate the firewall zone concept.
Re: How client gets an ip adress from vlan pool
Your X0 interface is the untagged or native VLAN. When your laptop is connected to X0 it will not add an 802.1Q tag in the Ethernet frame.
The VLAN sub-interfaces come into their own when using VLAN-capable switches, servers, access points, etc.
Example below using a switch which can add VLAN tags.
It could be a switch or AP where different SSIDs are assigned to unique VLANs.
There are many resources on VLANs.
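An added example (not from the thread or from SonicWall) of what the reply describes at the frame level: an untagged frame from a laptop on X0 versus the same frame carrying an 802.1Q tag from a VLAN-capable switch or AP. The MAC addresses, payload and the sub-interface layout (VLANs 100 and 200 on X0) are constructed assumptions. The parser shows where the tag sits, and `ingress_interface` shows that an untagged frame lands on the native interface, a tagged frame on its sub-interface, and a frame tagged with an unconfigured VLAN has nowhere to go.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q TPID, appears where the EtherType would be
ETHERTYPE_IPV4 = 0x0800

# Assumed interface layout (not from the thread): X0 is the native/untagged
# interface; VLAN sub-interfaces exist for VLAN IDs 100 and 200 only.
NATIVE = "X0"
SUBINTERFACES = {100: "X0:V100", 200: "X0:V200"}


def build_frame(dst_mac, src_mac, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan_id is given."""
    header = dst_mac + src_mac
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    header += struct.pack("!H", ethertype)
    return header + payload


def parse_frame(frame):
    """Return vlan_id (None if untagged), pcp, the real EtherType and the payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_VLAN:
        return {"vlan_id": None, "pcp": None, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"vlan_id": tci & 0x0FFF, "pcp": tci >> 13, "ethertype": inner, "payload": frame[18:]}


def ingress_interface(frame):
    """Logical interface a frame lands on: the native interface if untagged,
    the matching sub-interface if tagged with a configured VLAN, else None (dropped)."""
    info = parse_frame(frame)
    if info["vlan_id"] is None:
        return NATIVE
    return SUBINTERFACES.get(info["vlan_id"])


# Constructed sample frames: MACs and payload are placeholders.
LAPTOP = bytes.fromhex("0a1b2c3d4e5f")
FIREWALL = bytes.fromhex("0a1b2c3d4e60")
UNTAGGED = build_frame(FIREWALL, LAPTOP, ETHERTYPE_IPV4, b"ip-packet")
TAGGED_100 = build_frame(FIREWALL, LAPTOP, ETHERTYPE_IPV4, b"ip-packet", vlan_id=100, pcp=5)
TAGGED_300 = build_frame(FIREWALL, LAPTOP, ETHERTYPE_IPV4, b"ip-packet", vlan_id=300)

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("vlan 100", TAGGED_100), ("vlan 300", TAGGED_300)]:
        print(f"{name:9} vlan={parse_frame(frame)['vlan_id']} -> {ingress_interface(frame)}")
```

The tag adds exactly four bytes between the source MAC and the EtherType, which is why a host that does not speak 802.1Q (the laptop on X0) simply never sees or emits it, while a switch trunk port carries several VLANs over one cable.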
Re: SonicWall TZ 570
@KevinLynch there is no rule of thumb for that; it all depends on how active your deployment is.
You might select the longest time frame to show the logs and scroll down; this should give you an estimate of how long the log lasts for your appliance.
—Michael@BWC
Re: SonicWall TZ 570
@KevinLynch I don't do much log automation via email, but my guess is that the log ring buffer gets filled up every few minutes and this causes the TZ to send out a new mail.
—Michael@BWC