Comments
-
@BWC Michael, one more thing for my understanding. Would I need a cleanup DENY ALL rule? Or does no rule mean drop all / log all anyway? Thanks, Armin
-
Michael@BWC -> as usual SPOT ON! I went to the Log settings before but was looking for access policy. Did not think to look into TCP / UDP drop/deny etc... But I had to raise the log level to Alert from Notice to get it reflected. Thought this log is more common and shows what's going on, not focusing on warning/alert…
-
Michael, you really rock! Understood, Sir! 😀 OK, will change and use exclusion on the IPS signature tab. Maybe create a group instead of using single entries. "A group for every user", I learned once ...
-
Well, this is strange.... Even when I set the App IPS Policy Rule with its Address Source (my server) it does not save it. So, I would assume, it excludes this for all IPs on the network. Anything I miss here? In this case it might be the better way to exclude it on the IPS signatures instead of using an exclusion policy.…
-
Thanks Michael. OK, I reverted the change on the signatures directly to exclude the server. Created a Match Object IPS and added the two options I do not want to be logged. Added an App Policy IPS rule and used the match object to exclude it from being logged. Let's keep fingers crossed :)
-
Ah.. one more thing.. Check if your ISP modem is able to run as a "bridge", so it forwards the internet IP to the SonicWall. Otherwise you might face issues, as these modems offer a 192.168.x.x network as well and you end up with a double NAT space. I had to talk to our provider to get this done. They could do it remotely…
-
You are welcome. Some guys here really helped me very much and now it is time to give some back.... You could plan it like this. The TZ270 has 8 network ports, where one is used for WAN. So 7 for your design. You can set up the SonicWall using each port in a single zone, which keeps you flexible for your access rules. WAN Port…
-
OK, Exclude Range can also be a single IP..... But what for the Match Object then?
-
Hi CDS, I am new to the SonicWall TZ270 as well. So let's talk Newbie to Newbie.... 1 GB speed is possible according to YouTube (TZ270 throughput). I do run 500/50 Mbit and end up with around 480/49 Mbit having most of the security features enabled. I do use 192.168.1.0/24 as well. All in one zone configured. You can change it…
-
The Alps... Wonderful.. We do live in Switzerland. Greetings Michael! Thanks for the hint with the firewall rule. Correct, I set the Destination to the enforced NTP server. Changed it now and will see if I get hits.
-
Michael, again thank you very much for your support! Option is enabled on the DIAG page as well. OK, I keep the NAT as it then routes both protocols. Thanks Michael and have a sunny Sunday! Cheers, Armin
-
Hi Rupen, I am new to SonicWall as well but let me give it a try. Create Zone; Create Zone DHCP; Add Interface to Zone; Cable the PC to that Zone Interface (direct or via Switch). Another thing would be using VLANs. But here you might need to ask all-mighty Google :) Maybe JP can help you here:…
-
@BWC - thanks Michael! Indeed I enabled the option on the DNS tab. With the NAT I forward TCP and UDP now to the proxy. But from what I read it looks like the DNS proxy only handles UDP, not TCP. Do I understand this right? But what would happen to DNS via TCP then? Would I need to change the NAT to be translated to UDP only…
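Editor's note, added as a worked example (not part of armin's comment and not SonicWall code): the question above turns on the difference between DNS carried over UDP and over TCP. The query message itself is byte-for-byte the same on both transports; what differs is that TCP prefixes every message with a two-byte big-endian length (RFC 1035, section 4.2.2), and a UDP answer with the TC bit set is the case where a client retries the same question over TCP. The code below builds a query, frames and unframes it for TCP, and decodes the header flags. The name example.com and the truncated response bytes are constructed for the example.

```python
"""DNS wire format over UDP vs TCP (RFC 1035, section 4.2).

Constructed example, standard library only. Shows that the DNS payload is the
same on both transports, that TCP adds per-message length framing, and how a
truncated (TC=1) UDP answer is recognised as the trigger for a TCP retry.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Standard recursive query (RD=1). These bytes are the UDP datagram payload
    and also the TCP message body; only the framing differs."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return header + question


def tcp_frame(msg: bytes) -> bytes:
    """Over TCP each message is preceded by a two-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream: bytes) -> list:
    """Split a TCP byte stream back into messages; a UDP-only listener that
    received this stream unchanged would see the length prefix as garbage."""
    msgs, i = [], 0
    while i < len(stream):
        if len(stream) - i < 2:
            raise ValueError("partial length prefix")
        (n,) = struct.unpack_from("!H", stream, i)
        i += 2
        if len(stream) - i < n:
            raise ValueError("partial message")
        msgs.append(stream[i:i + n])
        i += n
    return msgs


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; TC=1 means the answer did not fit in UDP."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response: bytes) -> bool:
    """A resolver repeats the question over TCP when the UDP answer is truncated."""
    return parse_header(udp_response)["tc"]


# Constructed sample: response with QR=1, TC=1, RD=1, RA=1 and no answer
# records, i.e. the server could not fit the answer into the datagram.
SAMPLE_TRUNCATED_UDP = (
    struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    + encode_name("example.com")
    + struct.pack("!HH", QTYPE_A, QCLASS_IN)
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("UDP payload   :", q.hex())
    print("TCP stream    :", tcp_frame(q).hex())
    print("retry over TCP:", needs_tcp_retry(SAMPLE_TRUNCATED_UDP))
```

The practical point: a NAT rule can redirect TCP/53 and UDP/53 to the same address, but a listener that only speaks UDP cannot consume the TCP stream without stripping the length prefix first, and any client whose UDP answer comes back truncated will try TCP next, so dropping or misrouting TCP/53 shows up as intermittent failures for large answers rather than as a total outage.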
-
I think I got it to work. 6.7k hits on the NAT rule so far.
-
Thanks @BWC! I will try to use a local IP and see if I can route this to some external NTP servers. Agree on your statement with NTP. I use the TZ270 at home and migrated from an OPNsense which had an internal NTP server. Have a sunny Sunday. Cheers, Armin