Best Of
Tech Tips: How to resolve NSM error "Acquisition Failed, unexpected response status code 403"?
This issue is noticed in NSM while adding few Gen 7 firewalls (Any Gen 7 firewall with Gen 6 firewall settings imported in it).
Reason for the Issue:
The Gen 6 devices don't have SonicOS API, so the settings import from any Gen 6 to Gen 7 devices will disable SonicOS API. This is the cause for the unit acquisition failure with an error as "Acquisition Failed, the unexpected response status code 403" in NSM.
Resolution:
Note: Even though the Gen 7 management UI shows the SonicOS API is enabled, we need to check the actual SonicOS API status in Tech Support Report (TSR).
How to find the SonicOS API is enabled or Disabled?
Download Tech Support Report (TSR) from Gen 7 unit which failed with 403 error. And search for "SonicOS API" and it will show that option is enabled or disabled as below
In this example, it is turned off. This is the reason for the error while acquiring the unit in NSM.
How to enable SonicOS API?
Login to firewall management via CLI using SSH or Console access.
Enable SonicOS API using the below commands
>config terminal
>administration
>sonicos-api
>enable
>commit
Example of the above commands are shown in the below picture
Please verify TSR again to make sure SonicOS API enabled as shown in the below picture
Now the unit will show online in NSM as below
Thanks!
Re: Suddenly cannot access Gen 7 UI from Firefox
Quick search shows you might have a corrupted cert store in FF.
TKWITS
Re: NSA 4600 Global VPN Client cannot access Site to Site Network
My guess is that Office 2 firewall does not know how to reach GVC IP addresses, in this case 192.168.168.62.
The 192.168.168.0/24 [guess] network needs to be part of the site-site subnets for this to work.
Re: ES 10.0.11 - DMARC Reporting missing - nothing but Google?
!!! DO NOT INSTALL 10.0.20 - I've got a 2nd mail to hold off because of an issue !!!
If anyone is fancy about DMARC reporting, SNWL released Firmware 10.0.20 without much commotion which addresses this topic, according to the Release Notes and Feedback I've got on my long running Support Case. Some other fixes are also included, besides a few new features.
Time will tell if it's the case or not, I'am installing it right away and see everyone on the other side.
--Michael@BWC
BWC
Re: Network ports went dead after a reboot
@Hannman if I get this right, none of the network ports is working, even the MGMT port is dead? Did you tried to boot into safemode to make sure it's not a ROMpack related issue, if you can get a network port working?
If nothing helps you need to get in touch with SNWL support.
--Michael@BWC
BWC
Re: Two fixed IP addreses routed to two internal https servers?
It sounds more like the poster is trying to 'extend' the LAN to second interface, but ya know, details.
As BWC said you cannot have two interfaces in the same subnet. Thats not how IPv4 routing works.
To get around this Sonicwall has a feature called PortShield, which allows you to set a second (or third, fourth, etc.) physical interface to be on the same IP subnet and security context as another. E.g. you would 'PortShield' port X3 to X0 to 'add' it to the LAN subnet and LAN zone.
You would not need to configure X3 separately as it 'inherits' the IP of X0.
TKWITS
Re: How to access the global dashboard view?
@Philippe_V_C - what you're referring to is an Account. This is made available on request to MSSP partners - please reach out to your Channel Account Manager to get access to this. FOr more information, please see this KB article:
SuroopMC
Re: IPsec (ESP) packet dropped
These types of practices are annoying... One day a week, must be nice...
What have you tried so we don't duplicate ideas? Clearly you're not running the latest firmware.
TKWITS
Re: IPsec (ESP) packet dropped
"Policy not found" is not referring to ACL, it's referring to an IPsec policy, ie, a configured VPN tunnel.
Have you got both of the public IPs configured on the tunnel at the other end? From your description, I wonder if perhaps sometimes the IPsec traffic is coming from the backup WAN interface, for whatever reason.
Re: IPsec (ESP) packet dropped
The other thing to check is if the VPN tunnel is assigned to a specific WAN interface, or the WAN zone. VPN Settings \ Advanced tab.
TKWITS