To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".
Look into Sonicwall's Capture Client. The TZ alone cannot automatically isolate a device if it becomes infected.
Hi @MDS_UK , are you using the migrate tool ? https://migratetool.global.sonicwall.com/
if not use this and see if you get the sam results and make sure the 6 Appliance is on the latest 220.127.116.11 firmware and Gen7 appliance you are upgrading to is the latest 7.0.1-5023-R1826 firmware
I've migrated lots of configs this way the only issue I've seen recently is sometimes the WAN Group VPN Shared secret is incorrect after migration.
If you are attepmting to migrate gen5 appliances you'll need to go via a Gen6 appliance.
if you are migrating from a Gen 6 appliance make sure it is on at least 6.5.4 not 6.2 or lower
QUIC is Google's lossy implementation of HTTPS. Its been made a standard (unfortunately), but as PRESTON mentioned it can cause issues with DPI-SSL functioning correctly with Chromium-based browsers.
There's a reason PRESTON mentioned it.
Since it was just ratified into a standard in May, I doubt any companys DPI-SSL can handle it completely just yet.
Go off this guide below with the additional changes (ignoring the WAN remote Networks object in the users Group, you can use the Object to simplify the VPN-WAN firewall rule but not in the User Groups) and replacing with the items in 2 & 3
This document presumes you are using X1 as your WAN interface if your is different choose that Interface instead.
2. Create the Address Objects for the remote IP addresses as hosts in the WAN Zone
3. Add these to the User Group used for the VPN policies (usually the Trusted one or if you are using an imported LDAP group add in there as VPN Networks)
4. So in your User Group for the VPN you should have the local Networks and the remote IP Hosts.
What Preston said is accurate.
@IanJ IMHO this can be accomplished this way:
ssh to appliance
If you want to see the auto added rules, you must have to disable that highlighted feature. then only it will reflect the auto added rules in your ACL. If you enable that feature, auto added rules will disappear and you can create your own rules.
@Broad_Access do you mean urlprotection*.global.sonicwall.com? Sure thing, if this is not available no URL will be accessible until back on.
I usually deactivate URL protection because it caused some trouble in the past, can't tell if there was much progress on that front.
Clearly the responder doesn't like your IKE ID... Try changing it to the documented settings (you have them documented right?) or just your WAN IP address. Ask the third party to see what the firewall is sending as its IKE ID and what its expecting.
Other wise follow Ajishals recommendation.