Best Of
Re: Failover issue - Switching to other ISP took about 2-3 minutes to get back our internet
Can you use both WANs simultaneously in normal operation [ratio mode]?
Do you have logical probing configured?
Re: Failed to synchronize license information
All I can suggest is what worked for me originally:
Reboot the appliance, then go to Device→Settings→Licenses and Synchronize your licenses manually.
Russ
Re: TZ470 allow traffic between zones
@johnswenson1 my best guess would be that either the Subnet mask or the Default Gateway of the statically configured clients does not match your configuration. Make sure they are correct.
—Michael@BWC
Re: Error occurred during configuring site-to-site VPN tunnel with Checkpoint firewall
IKE ID - I would suggest on the Checkpoint it is based on IP address - as is the SonicWall by default.
First try enabling NAT traversal under IPSEC VPN advanced.
As your firewall is behind a NAT device, the Checkpoint will see the request from the external NATted WAN address, but the IKE identifier is the pre-NATted address of your firewall WAN (and hence a mismatch).
The SW can use different IKE IDs; I use the Firewall Identifier when we have devices in Azure behind an Azure gateway.
I'm not sure what Checkpoint supports.
Re: I have a feeling most people are configuring their SW's incorrectly
DPI and DPI-SSL are different things. DPI is what gives you all the Next-Gen Firewall features and should be enabled if you want to utilize the security services.
DPI-SSL is broadening this to SSL encrypted traffic and requires a cert in each device. So it could be said that using DPI-SSL will make it possible to inspect 90+% of traffic, only using DPI about half, if that, and if you disable DPI altogether you aren't doing any deep packet inspection and are only using the firewall as a packet filter.
If you do that, then there isn't much sense in using a Next-Gen firewall at all and you could just use some open source packet filter firewall.
Turning on "performance optimizations" or "enhanced security" affects low risk threat inspection. More speed if you don't care about low risk threats.
Re: should my VPN setup be improved to make it more secure?
HTTPS management is useful IF you want to manage the appliance over the VPN. External IP to WAN management should be disabled or, at minimum, whitelisted from a fixed IP address via the WAN-WAN management rule - or, as above, secured via a VPN.
Your shared key is just that: shared between the client and the server - symmetrical encryption; it's never sent in the IKE negotiation.
Ensure your trusted user is using MFA for VPN access - TOTP in the config.
Think about moving to SSLVPN; you should have a license and it's supported on more platforms than the Global VPN client.
The logs you are seeing will be background noise, not a direct attempt to access.
Email Security Software - Windows OS in-place Upgrade
Email Security Software - 10.0.29 - running on Windows Server
I have a split configuration setup - 4 x Remote Analysers all running Windows Server Standard 2016 and upwards, and 1 x Control Centre running on 2012 R2.
My questions - has anyone in-place upgraded the underpinning Operating System on an ES Windows installation and how did it go? Or, should I rebuild the CC on to a WS2022?
Thanks!
"Send socket full, drop it" flooding my logs
I'm not 100% sure when this started but it's been a few months. When users connect to SSL VPN, my logs are flooded with "inform" messages SSL VPN #1153. There will be thousands of them.
I've tried searching Google and these forums for a mention but nothing comes up. I don't want to just 'hide' the messages as they weren't always generated, so something has changed/is wrong. I just have no idea what these messages mean or indicate.
user name and IP blacked out.
Re: VPN
Hello @lemansgt,
Are you trying to set up GVC, SSLVPN, or a site-to-site VPN?
There are KB articles available for each of those settings. You can use the link and search for the required KB.
Thanks!
Why are logs sent in HTML email format blank, but populated If Plain Text email format is chosen?
I had this issue with my TZ300 and now also have it with my new TZ370.
In Email Log Automation, if I have HTML selected for Email Format, the log dumps that are emailed to me are empty other than a heading that says something like:
TZ 370W xxxx-xxxx-xxxx Log (part 1) dumped to E-mail at 2024-10-28 01:05:35
The only way I can get log dumps that have data in them is if I choose Plain Text for the Email Format.
*** If this is by design then it should be stated in SonicWall KB articles and then you should be able to choose HTML for email alerts and Plain Text for logs
https://www.sonicwall.com/support/knowledge-base/how-can-i-email-logs-alerts-to-a-network-admin/170503702857558