jst3751

Newbie ✭
Default Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

jst3751 Newbie ✭

Badges (7)

4 Year Anniversary2 Year Anniversary3 Year Anniversary1 Year Anniversary10 CommentsName DropperFirst Comment

Comments

  • OK, this is more evidence that Sonicwall Support is a bunch of lazy people. I have a case open on this since 05/27 and so far the assigned support person asks for more information. HELLO, the information is right in front of you. Not one effort has been made to escalate this to someone actually capable of understanding the…
  • UPDATE: Apparently, this is caused by the resulting DNS lookup have more than one A record. I have a support case open for this. One had to be done was create an FQDN address object *.sharepoint.com and then create a firewall rule to block that as a destination. That is stating is simply. It is a lot more complex which I…
  • That really does not help at all, as blocking everything there will also then block other Microsoft services.
  • Sorry for the long delay. Other things have been keeping me busy. The HTTP service rule is working as intended. The problem is HTTPS is not catching anything. Below is the HTTPS rule which is not catching anything. The comparable HTTP rule is catching. So I tried changing to a custom rule and THAT is not working either.…
  • The Regex expression you listed is not usable, as it is extremely wide open, meaning it catches things such as http://www.google.com/mysearch/6225432.5245235234.5254325.54252.542522 The reason I had originally configured it with https? was to prevent the above. There is no such "HTTP Access" on a NSA2600 6.5.4.6-79n. Here…
  • I also find it funny that I am labeld as a NEWBIE. I have been working with Sonicwall firewalls since the days of SOHO2 SOHO3, TELE3 and PRO100. I was an active member of the original Sonicwall Forum as well as the third party Sonicwall forums. I as an active member when Sonicwall changed to a new forum software and had to…
  • Yes, that is what I am trying to do. So for example a user does a Google search for widgets, and on of the websites is actually http://10.10.10.10/default.htm I want to be able to block that.
  • No sorry that does not help. I know very well how to create address objects and so forth. That is a manual process to be added AFTER THE FACT. I need to be able to block users from accessing IP Based websites at the time of attempt, not later.
  • Unfortunatly there is an issue in 6.5.3.x that we were experiencing that required us to go to a newer version per Sonicwall support.
  • I realize it "should not matter" but I am working on resolving constant events being logged in the Windows Server application log concern certificate mismatch. I wanted to make sure before investigating that problem that it was not somehow caused or tied to different cipher suites being used.
  • Wow thanks for finding that great discussion. So once again Microsoft thinks they are better than everyone else by including a bit of information neither required or desired in that field.
  • More information: I am trying to figure out what the difference is in implementation between these cipher suites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521 The first one is an available cipher suite in a Sonicwall NSA 2600 with firmware…
  • Support case number 43429731
  • OK, now that opened up another problem avenue. I am already forcing SSL checks as if the Intermediate was needed it would be failing regardless of DPI-SSL (Firewall Settings, SSL Control) Checking what certificates I have on the firewall, I see I already have that intermediate installed. HOWEVER, the certificate path is…