Best Of
Re: Is anyone getting hammered by password spray attacks recently?
>>Began with adding IP blocks as Botnet entries on our NSa.
I've added the Tor Exit IPv4 to the dynamic botnet list. That stopped 99%
Re: TZ400 adding 2nd subnet to LAN X0
VLANs with Layer 2 capable switches and a sub interface on the SonicWALL
Re: I have a client looking to swap their SonicWall Tz firewall
"Only" 900Mbps? You will only ever get 940Mbps TCP/IP throughput with 1Gbps ethernet anyway, so they're not missing out on much.
Yes, you can use the SFP+ interfaces for LAN, WAN or whatever you choose.
Re: TZ470 - How to block / allow mobile phone access
@Simon_Weel IMHO there is nothing you can do, because there is no form of authentication from the mobile device to the firewall if no VPN is involved. MAC address gets lost on Layer 3 and the IP is dynamic so your only option might be to reduce the attack surface by using GeoIP for your country.
SMA 500v isn't that expensive and might be of use for other scenarios, like having WireGuard instead of TCP-based SSL-VPN, better Portal, etc.
--Michael@BWC
Re: SonicOS 7.1.1-7051 Maintenance Release
Issue still continued, but instead of constant 100% utilization, after applying the latest maintenance release it would spike 100% then 50% consistently. I disabled AppFlow and rebooted and everything cleared up! If you are not using AppFlow, disabling it will reduce Management Plane CPU utilization to normal ranges.
Re: SSL VPN Can't Resolve DNS
DNS search list. You need to add corporate.local to it so that clients know how to form DNS requests.
Re: Help With SSLVPN - Allow by FQDN /IP
No, you don't need any custom rules for this, delete them. Deny is implicit and the Allow Rule is the Default (no modified with your source object).
I meant the default rules for management, you can limit them as well to only allow specific addresses, if this is possible in your scenario.
You can add Botnet and GeoIP Filtering as well, to block certain countries etc.
--Michael@BWC
Re: Help With SSLVPN - Allow by FQDN /IP
@stokie21 I'm sorry, I've told you only half of the story.
You have to enable the Option "Enable the ability to remove and fully edit auto-added access rules" on the internal settings page, then you can edit the default Access Rule.
Sorry for that.
--Michael@BWC
Re: Help With SSLVPN - Allow by FQDN /IP
You have to edit the SSLVPN Rule that's in the WAN-to-WAN selection, it's #13 in your latest screenshot.
If you're in the WAN-to-WAN rules anyways, you should check if you can limit the Management Rules (HTTP + HTTPS Management, SNMP and SSH) to avoid any access to your Firewall that is not wanted, just as a precaution.
--Michael@BWC
Re: Help With SSLVPN - Allow by FQDN /IP
@stokie21 list custom & default rules (All Types), the default one is probably above your deny rule. Get rid of your two custom rules and set the Source of the default rule to your WAN_FQDN_HOME_WORKERS object.
--Michael@BWC