MarchMadness

Newbie ✭

Badges (3)

Name Dropper, 1 Year Anniversary, First Comment

Comments

  • Negative, both DHCP. Originally had just 1 ISP but added a second for basic failover thinking it was the first ISP having service issues. This morning it locked up again, wouldn't pass traffic across WAN until I pulled power on the TZ270. Opening a support case.
  • Having this random disconnect issue. 2 WAN interfaces in basic failover, neither passes traffic, site-to-site VPN stops working. Forced to pull power on the TZ 270. TZ 270 running OS 7.0.1-5095
  • Correct. Web site hit should show non-dropped traffic, not destinations in CFS allowed policy but rather all other web traffic that traverses the SonicWall. Remember Viewpoint? It had reports for web traffic. I have a similar report in my syslog app but of course my dilemma is I can't get web site traffic to appear - it's…
  • Here's an example syslog message: Message : id=xxxxxx sn=xxxxxx time="2023-01-11 21:44:23 UTC" fw=w.x.y.z pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=macaddress src=LANIP:51368:X0 srcZone=Trusted natSrc=w.x.y.z dstMac=macaddress dst=20.190.135.43:443:X1 dstZone=Untrusted natDst=20.190.135.43:443 usr="username"…
  • Is it a bug or setting to show all web traffic in syslog not just dropped traffic? In my case it's not CFS dropped traffic. Not sure why the traffic has fw_action=drop and that's the only web traffic that is showing in syslog data using enhanced syslog format.
  • I just posted the same question. The thought is a TOTP user that has been compromised, who has not bound to their authenticator app yet, can still be accessed by a threat actor. The threat actor in this case has beaten the user to binding first (assuming they know the URL to bind).
  • From my understanding it's always best practice to have a break glass account without MFA. If MFA stops working for whatever reason you'll need some type of management access. Make the default admin account a lengthy password and never use it. You can create a secondary account with admin role and have that use MFA. Went…