Best Of
Re: VPN Dedicated Firewall
I think to answer this question properly, you would need to explain what the purpose of setting things up like this would be. I will have a stab at it though.
- The "all other" firewall would be the default gateway for the internal networks
- There would be a link between the "all-other" and VPN firewalls
- The "all other" firewall would have static routes to all the VPN networks pointing at the VPN firewall.
- The VPN firewall would have static routes to the internal networks pointing at the "all other" firewall
- Both firewalls would have their WAN link(s) as their default gateway.
Re: SonicOS 7.1.1-7051 Maintenance Release
You know what else should be part of "everyone's" routine? SonicWall actually test firmware before releasing dumpster fires.
Re: Is anyone getting hammered by password spray attacks recently?
One saving grace for us is we require 2FA for VPN use, so we at least have that extra layer. We are seeing the attacks between midnight and 5AM from what I have gathered from the logs. We do use Geo/IP filters from the NSA, which is catching a lot. I also reduced the amount of connections in the firewall rule for the SMA public IP, but I can't believe that there is nothing on the SMA to help combat this.
Cheers
Re: Is anyone getting hammered by password spray attacks recently?
Agreed. MFA is a must these days.
We're trying to figure out how to get SonicWall to introduce a feature that blocks IP addresses when they repeatedly try to log in to accounts that are not valid users on the appliance (or AD). With an override, of course, if a mistake is made.
If they did that, we'd see an end to these attacks.
It's not very good for SonicWall's reputation or standing on Security that they don't address the issue. :-(
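The blocking rule asked for above, as an added example that is not part of the original posts and is not SonicWall functionality: flag source IPs that repeatedly fail logins for usernames that do not exist, with an allowlist as the override. The log format, sample lines, function name, threshold and window are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format and sample lines (not real SMA/SonicOS output).
LINE_RE = re.compile(r"^(\S+) login_failed src=(\S+) user=(\S+)$")
SAMPLE_LOG = """\
2024-05-01T00:13:02 login_failed src=203.0.113.7 user=admin
2024-05-01T00:13:09 login_failed src=203.0.113.7 user=scanner
2024-05-01T00:13:15 login_failed src=198.51.100.20 user=alice
2024-05-01T00:13:21 login_failed src=203.0.113.7 user=test
2024-05-01T00:14:40 login_failed src=192.0.2.50 user=helpdesk
2024-05-01T00:14:41 login_failed src=192.0.2.50 user=backup
2024-05-01T00:14:42 login_failed src=192.0.2.50 user=guest
2024-05-01T03:30:00 login_failed src=198.51.100.20 user=alcie
2024-05-01T04:45:00 login_failed src=198.51.100.20 user=aliec
""".splitlines()


def sources_to_block(lines, valid_users, allowlist=(), threshold=3,
                     window=timedelta(minutes=10)):
    """Return source IPs with >= threshold failed logins for unknown
    usernames inside one sliding window, minus allowlisted (override) IPs.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)    # src -> timestamps of unknown-user failures
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # not a failed-login line
        ts = datetime.fromisoformat(m.group(1))
        src, user = m.group(2), m.group(3)
        if user.lower() in valid_users:
            continue               # real account, wrong password: not counted here
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return sorted(flagged - set(allowlist))
```

Counting only unknown usernames keeps a legitimate user who mistypes a password, or occasionally a username, from being blocked, and the allowlist is the manual override for a source flagged by mistake.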
Re: DHCP Pools not being assigned exclusive to their intended subnet
This is nothing to do with Zone configuration or access rules. This is going to be something more fundamental, like, you have the different L2 networks connected to each other somehow, so clients can end up with IPs in the wrong network.
Are you seeing these client leases in the SonicWall? i.e., are you sure it's actually the SonicWall serving the wrong IPs?
Re: How to route Wi-Fi guest traffic from Aruba AP 515 to SonicWALL TZ670 on separate VLAN
If your "conductor" - actually the Aruba Virtual controller or VC - has a network that has a primary usage of Guest, all your clients are allocated a private IP address and the VC performs the NAT translation.
Unless you change the client IP assignment to network assigned, then you can tag this to the VLAN for your X:30 sub interface and create the necessary rules from the Zone assigned the X0:30.
Re: How to route Wi-Fi guest traffic from Aruba AP 515 to SonicWALL TZ670 on separate VLAN
I don't know about the Aruba side, but the SonicWall side sounds good.
Re: SonicOS 7.1.1-7051 Maintenance Release
Thanks for this - in my opinion, literally every firmware release should have a dedicated topic in the forum.
Re: Page Redirecting - SSL VPN Portal - NSA 2700
I think this might be a recent Gen 7 bug, where the SSLVPN web interface redirects to the management web interface. One of these you can leave open to the internet, the other, you don't want to do that.