Best Of
Re: Site to Site VPN on specific WAN IP
Maybe someone else knows better, but like I said, I don't think it's possible.
You will probably find it easier to change the interface IP of the firewall than to work around this.
Re: Syslog routing on X3
Hi @Rob7
what are the X3 interface zone type and syslog server address object zone type? Please check zone details. It must be same and behind the X3 interface.
Re: New to Sonicwall - need pointers
Management access should be restricted and while meshed inter-office connectivity can be convenient it is also a security risk. If any IP at any location can access any IP at any other location than so can a malicious actor.
TKWITS
Re: New to Sonicwall - need pointers
SSLVPN access is two-fold: Client Routes and User VPN Access. You can add as many Client Routes as you want but if a user isnt granted VPN Access to the subnets it won't ever work.
You must also be aware of how your S2S VPNs are configured, firewall rules, etc.
What you are looking for is commonly done.
TKWITS
Re: New to Sonicwall - need pointers
I wish to connect to one location and have access to all locations for management
If you mean managing remote firewalls, the VPN policy will need to have management enabled on it as well.
Re: New to Sonicwall - need pointers
I think I need to add tunnels from each building to every other building. I was just asking if this is the best way to achieve what I am looking for OR if I should be able to get to every building through the main building (right now I can't do this).
If you mesh everything together [tunnel from every site to every site] it gives the best performance and resilience but has the highest management overhead.
If you route everything via a central site then it is the simplest to manage but less resilient and the traffic has to traverse the central site.
Your choice.
Major Issue with SonicWall NetExtender & Microsoft 365
There is an issue with SonicWall NetExtender and Microsoft 365 authentication.
The VPN Client NetExtender modifies this key in the registry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Which causes authentication with all Microsoft 365 applications to fail.
This issue kept popping up in my environment over and over, and after deleting this key it fixed. It was only happening on client machines that had Dell SonicWall NetExtender installed. Posting this here so other professionals can see the fix.
Re: Send to another syslog always via WAN
Syslog, management, DNS, etc. packets generated by the firewall will not be routed outside of the outbound interface. For instance, you have a static route for LAN traffic to go to 10.11.12.x via another gateway on the LAN. Normal (PC / Server generated) traffic can route there, but firewall 'management' traffic from its LAN interface destined to 10.11.12.x won't ever get routed to that gateway.
This is by design and might be what you are dealing with, but without more details we won't be able to say for certain.
TKWITS
Re: Migration from SonicWall
@khodgson_bts login via SSH to the NSA 4600 and do the following
no cli pager session configure show current-config
If you dont wanna connect via SSH you can download the TSR from the Diagnostics page which contains the config as well.
At least you can see in clear text what is configured and can work your way up.
--Michael@BWC
BWC
impossible to access www.mysonicwall.com from the TIM network (Telecom Italia)
reported the problem to sonicwall and tim
Alberto