Best Of
Re: No DNS Proxy option on Interface 7.1.x firmware
I think I have done this, but it is still not working. I am trying to have the iCloud relay go to a sinkhole instead.
In the manual, it has these two steps:
"For DNS over UDP requests only, select Enforce DNS Proxy for All DNS Requests. This option is not
selected by default"
"For DNS over UDP requests only, select Enable DNS Proxy Cache. This option is not selected by
default."
I'm not seeing those options though. Everything worked correctly until I upgraded to 7.1.x and lost the option to turn on DNS Proxy on the interface on the network page.
I cannot see the login page
Hello, today I finished installing a new TZ270 firewall. All is working, WLAN and wired network, and all devices see each other (I used "Advanced IP Scanner" to see them).
From my laptop connected wirelessly I can see the NAS connected by wire and I can log in, but when I try to connect to the firewall it says that it is not present (I used the usual IP 192.168.168.168); my IP was 192.168.168.62. Could someone help me? Before, my laptop was directly attached to the X0 port; now it passes through a Netgear hub.
Thanks for your help
Alfredo
Re: Number of records in System Logs
@Mariusz yes, 02-SSC-3114 is the correct SKU for the 32 GB Secondary Storage which fits into the TZ 370.
If you're sure that having the System Logs on the Appliance without further analysis is enough, then it's a viable solution.
If you have the chance to do external logging via syslog, then you would have all possibilities for any kind of analysis. But this requires additional tools, like Graylog, FastVue, NSM etc. for getting the raw data into a nicer form.
—Michael@BWC
Re: Number of records in System Logs
@Mariusz sadly the buffer cannot be increased, this was and still is a pain point with SonicWall Firewalls.
Sorry for the confusion, the correct term would be Primary and Secondary storage, both of them are "internal" (SSD). The TZ 670 comes with Secondary storage which can be used for saving logs. Primary storage cannot be used for logs, only on NSa 4700 and up.
—Michael@BWC
Re: SonicOS - which branch is still supported?
@Vivek - perhaps you could offer a hand to the team crafting these less than crystal clear emails? And instruct them to spell-check before issuing because the word "partner" was misspelled twice…
Re: SonicOS - which branch is still supported?
@Vivek thanks for clearing this up. Users currently on 7.1.1 need to update to 7.1.3 and hope they will not be cursed with some of the trouble 7.1.2 brought to some.
—Michael@BWC
Re: SonicWall NetExtender 10.3.0, OTP authentication failure issue
NetExtender 10.3.1 is available and fixes the issue with MFA.
—Michael@BWC
Re: Does Capture Client work on remote computers not connected to SonicWall firewall?
Thanks Michael, so if I understand you correctly, Capture Client loses two of its strongest features (Capture ATP & DPI-SSL) if installed on a user's computer or laptop that is at home, in a hotel, etc. and not on the office network where, say, a TZ series firewall with Capture ATP & DPI-SSL is located.
Therefore it cannot decrypt the HTTPS traffic or leverage multiple sandbox engines to analyze files, and would only rely on SentinelOne cloud intelligence to detect known viruses by using VirusTotal, and use SentinelOne's Dynamic Behaviour Tracking if not detected as a known virus.
- However, if the user's remote computer with Capture Client is connected to the TZ series firewall via an IPSec or SSL VPN, would Capture Client then be able to leverage Capture ATP for analysis of files?
- Would the remote computer, with the proper certificate installed, also be able to leverage DPI-SSL on the TZ series firewall to decrypt SSL traffic to scan it for threats if connected to the VPN? And if so, I assume it would be better to set the VPN Client Connections to "This Gateway Only"/Tunnel All mode instead of "Split Tunnels" so all the web traffic from the user's computer is sent across the VPN and out through the firewall's internet connection?
- I would think the remote computer connected to office network via VPN in Tunnel All mode would also be protected with Security Services on the TZ firewall such as Gateway AV, Anti-Spyware, Geo-IP Filter, etc as well. Is this correct?
Re: Does Capture Client work on remote computers not connected to SonicWall firewall?
@bzperry you can see Capture Client as an independent product from the Firewall.
Capture ATP (auto mitigation) is done on the Endpoint not on the Firewall if enabled in the CC policy. If you have Capture ATP and DPI-SSL enabled on the Firewall as well, it will be inspected there first, but you don't need to rely on it.
DPI-SSL is done on the Firewall, if the traffic goes through the SNWL then it will be inspected by DPI-SSL, Capture Client only helps with deploying the needed CA certificate. Your endpoint always can see the whole traffic, encrypted and decrypted and no DPI-SSL is needed on the Endpoint.
DPI-SSL is just a proxy to enable the Firewall to have a (limited) view on the traffic.
In my opinion (I advocated this a few times here) scanning traffic at the perimeter can do only a minor job, the endpoint does know the whole storyline (which is a SentinelOne term) and can decide over good and bad.
—Michael@BWC