TKWITS Community Legend ✭✭✭✭✭
Comments
-
I never use 'All Connections', as that means lookups are happening even for what could be 'internal' traffic crossing the firewall. Have you tried changing the setting to 'Firewall Rule-based connections' and enabling GEOIP on the appropriate access rules?
-
@SonicAdmin80 summarized it pretty well. "I just think this is a very misunderstood setting with SW's" The same can be said about any NGFW, as DPI and DPI-SSL are pretty much standard fare on all manufacturers. People will read Reddit and not actually understand any of what they are doing, and put themselves in…
-
Do you mean port forwarding?
-
Sorry, I meant X1 as you correctly interpreted. This is simple port forwarding with inbound source restrictions.
-
Doesn't seem likely as these settings probably modify system-level functions which are outside the view of management. I suppose a poke around in the diagnostics menu might reveal additional options.
-
I don't recommend ANY zone to ANY zone rules. Also I noticed you are specifying the Source Port in your access rule as the same as the Destination Port. That's not how this works. Source ports are usually ephemeral. What happens if you do a specific LAN (or whatever zone the PS4 is in) to WAN access rule allowing the PS4 IP…
-
My short retort was against this line and wasn't meant to be malicious, just a reality check: "what exactly are all the records/objects/things I need to configure on the TZ 215 to get this to work?" That's a vague and open-ended question. Frequent forum users will know I am blunt, but I genuinely try to help guide people. I…
-
I don't think tunnel-mode VPN would work, because ultimately we would run into the same issue (same tunnel gateway IP). I was under the assumption there was another ISP we could use at the Linkou site. Is it a requirement that the camera traffic go over a VPN tunnel? You are hitting the limitation of VPN tunnel technology…
-
"how do I bring that traffic back 'down' to the PC for the communication to continue functioning between that device and its software on the PC" Use split tunneling.
-
Does the device boot into safemode? AFAIK, safemode is the only way to recover firmware on pre-Gen7 devices.
-
I was going to say the same thing. It sounds like you unintentionally found a quirk in the WatchGuard VPN client, and things 'just worked' for you. Since you are using tunnel-all, ANY IP traffic for ANY subnet will go over the tunnel. That's why it's called tunnel-all, and that's why you are still seeing ethernet traffic in…
-
From your diagram and description it sounds like you want any traffic from Security Cameras to have connectivity to the NVR at Taipei, but to utilize the WAN connection on X1 on the NSA4600 at Taipei, rather than the X2 connection (which normal user traffic flows over). Simply create a second VPN tunnel at your remote…
-
Seems like you could accomplish what you need with DNS Proxy and static entries. Or you could go the old school, less-centralized route of HOST file entries on individual machines.
-
"Is it true that the TZ 215 will not respond to HTTPS Management traffic over static ARP?" True, SonicWalls will not do that no matter what the model or firmware. As Arkwright suggested, getting another WAN interface connected would be the most solid and, considering your experience, least stressful for you. Otherwise you…
-
Did you search the web?