Comments
-
I typically go to the DPI-SSL page, then go to the tab "Common Name", and then hit "show connection failures". From the list, I can then exclude specific URLs from DPI.
-
It removed some Access Policies and a few Routing policies for us. Some IPSEC tunnels never came back either. Had to rebuild those from scratch.
-
It says 7.1.2 is available now for all Gen7 devices, but the download is nowhere to be found… I was going to be brave and test it out in the lab.
-
Just assign a zone (LAN) to x8, and an IP address, and then assign a zone (WAN) to x9 and set static/DHCP accordingly. BTW, you're never going to see 10gbps throughput, up or down. Yes, it has 10gbps interfaces, but firewall throughput is 5gbps per SonicWall documentation (perfect conditions in a lab setting), and if you…
-
Go to your X0 interface and set it up: You'll still need a connection between your switches, as Ubiquiti doesn't support MLAG, and I don't think the TZs do either.
-
This just keeps getting better and better... The device is registered. absolutely blank/nothing on the License page. Hopefully a reboot fixes this. Users had a great time doing whatever they wanted today. Hopefully they didn't infect anything. I'm so tired of SonicWall's crap. Seems like they hired whoever Quality-Control…
-
Seems SonicWall is slipping...
-
Could the MTU have been the problem? Possibly. MTU mismatch can cause all kinds of anomalies. What should have been the correct size? Depends on what the PMTU test returns as your WAN's MTU on each firewall How does the ignore don't fragment bit affect the tunnel? This shouldn't really affect your tunnel much at all.…
-
I think I finally solved the similar issues I was having by setting Geo-IP to "Per Access Rule" instead of "Global", and then I edited my WAN->WAN access rule and set the Geo-IP Allowed Countries (under the specific rule's Security Settings) to United States. Cut down nearly all of the issues I was having with other…
-
Thanks. Going to try this today.
-
I had allowed countries set under the main Geo-IP settings, and then in my individual rules for incoming services were set to US only. I guess I didn't understand that those individual rule settings I had changed to "custom" instead of "global settings" and set to US did not in fact do anything at all until the main Geo-IP…
-
update: I just switched to per-rule Geo-IP filtering, and added the allowed countries to the LAN->WAN list (and other internal networks). Now my WAN->DMZ rules that have USA only might work. We'll find out!
-
Bumping this up as it appears it is still happening. Access rule has USA as only listed allowed country, but getting hammered from UK, Canada, France, and more... When I look up the IPs in Diganostics sub-tab of Geo-IP settings, each country seemingly is correct, aligned with a lookup on arin.net Now on version SonicOS…
-
depends on: -speed of your internet pipe at each location -QoS settings -amount of users at each location -security services used at each location/on each firewall (all of the above come into play for each firewall's load) I don't think I've tested from a TZ to TZ in a long time, but with 1gbps/1gpbs DIA fiber at all…
-
What are your UDP timeout settings? You might need to increase those. Any insight as to what PBX & endpoint you're working with? That may help.