Best Of

Re: SonicWall NetExtender 10.3.0 Linux client (equivalent --always-trust like 10.2.850 version?)

but I can't add it on the Linux side because I don't know the password to it

You don't need the password - certificates don't have them. Only private key is sometimes protected by password.

The part which should be added to CA store is a public part - the certificate - and is always sent to client in unencrypted channel at the first part of establishing a SSL/TLS connection.

You cant save that cert into file using openssl :

openssl s_client -showcerts -connect server_address:443 -servername server_address </dev/null 2>/dev/null|openssl x509 -outform PEM > server_cert.pem

You can then check downloaded certificate details with openssl too:

openssl x509 -in server_cert.pem -noout -text

In that way you can download certificate sent by any server during SSL/TLS handshake.

Robertus

2

Re: Can't increase heigth of SonicWall NetExtender 10.3.0 Linux GUI on Ubuntu

OK, I believe I have found the answer for you. Try holding down the SUPER/Windows key and right-clicking the title bar, and choose Resize from the menu (I'm trying this on 24.10, so hope it works for you).

https://askubuntu.com/a/65513

byroniac

1

Re: Can't access management interface of remote TZ270 via VPN

Is that what it is?
It is then possible to log into the GUI with the VPN client account.

Mariusz

1

Re: SonicWall NetExtender 10.3.0, OTP authentication failure issue

In my case it's not Tunnel All related, connection works fine when unbinding the Token from the User on the Authentication Server.

—Michael@BWC

BWC

1

NSa 2650 - Built-in Storage Module failing?

Hi,

did anyone experienced the problem that the built-in 16 GB Storage Module becomes unavailable over time?

Serial blob (Status)   : 
0: Built-in Storage FFFFFFxxxxxx (0)


Built-in Storage Report
Mount status       : Signature error
Size status       : Invalid
Association status    : Not yet associated
Enable status      : Disabled
Card SN         : 
Card Auth Code      : 
Drive size        : 0 GB
Drive reformatted    : No

After opening a Support Ticket we're still fishing around, but I did a power-cycle and the Module is available at the moment, but for how long? A normal reboot did not brought the Module back to life.

In the Trace Log I saw many SQL Insert Errors two weeks ago, that could be the time frame where the Module became unavailable. I updated to 6.5.4.8 around 4 weeks ago. The appliance was somewhat inactive so I cannot tell if this happened earlier with 6.5.4.7, but there is no indication of that in the Trace Logs.

Could this be a Software issue or is the Module failing on the hardware side of things?

--Michael@BWC

BWC

1

Re: Python API works on 7.0 but not on 6.5

https://community.sonicwall.com/technology-and-support/discussion/comment/22669#Comment_22669

Hi @Veraniti, the API response "message": "Login as a user." suggests you just need to send a POST to the /start-management endpoint. The user is logged in, but "as a user" rather than an admin. Alternatively, enabling the "go straight to management" option on the SonicWall Administrators group should log you right in without sending a request to /start-management. However, this affects web logins as well so logins from an administrator would go right to management instead of the intermediate window/page with the button to begin management.

Jaime

1

Re: Internet loss for 60 seconds or less - several times a day on TZ400

Configure Failover and Load Balancing with logical probing on the WAN(s). It will log the state of connectivity to the probe target and keep some [limited] statistics.

Arkwright

1

Re: Source IP in auto-generated packets in destination VPN Tunnel

There is an internal implementation logic that defines the selection of the interface as the source, when a packet is generated by the firewall. I think it uses the interface with the lowest index number, that is enabled and active.

MustafaA

1

Re: Immediately after running a battery of "Crypto" tests our Nsa 4650 fails

It's random though, script kiddies doing bulk login attempts. Just because it doesn't crash immediately does not mean your device is not vulnerable.

Disabling SSLVPN service on WAN and leaving it for some time is probably best way to be sure.

Issue was resolved in 6.5.4.15:

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Arkwright

2

Re: NetExtender on the New Surface Pro Snapdragon PC's

Hello @ArielF and @AckermanIT

We have good news from our Product Management Team. The upcoming Windows NetExtender version 10.3.0, expected to be released at the end of November, will include support for ARM-based processors.

MustafaA

3

Join the Conversation

Best Of