Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Ip address can not be all zero in Address Group used by IpHelper.

Setting up NEW firewall. I have existing firewalls hours away from me, i manage them using the IPsec tunnels that have been created before i started here. on 6.5 I could go into the address group of whatever firewall and add the data and voice networks to group with no issues it would add on the fly and i would eventually see the site-to-site for those address object groups turn green. Most of my firewalls are now on 7.x and now if i try to do the same thing, add address object to an existing IPsec site to site tunnel it gives me an error "Ip address can not be all zero in Address Group used by IpHelper." what the hell the are not zeros ? I could do it before in Gen 6 , now i cant??? how the hell am i suppose to add the ip address objects for the new firewall?

Category: Mid Range Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    MPERU99MPERU99 Newbie ✭
    Answer ✓

    This has nothing to do with GVC, this is site to site , turns out YOU HAVE to take down the existing tunnel, on the firewall you are wanting to add the address objects to. then you can slide the address objects into the remote network address object grouping, then you can bring the tunnel back up.. THIS IS !@O^)%ing IGNORANT!!!!!! you did not have to do that on 6.5, in fact one of the firewalls is 6.5 and you can just dynamically add the address objects to the existing and running tunnel. ** I guess it was never suppose to be able to do that ** yet something so useful and DOES WORK on 6.5 supposedly has been "FIXED" in 7.0 , what a crock! they cannot give a good damn reason why other than it wasnt suppose to work that way in 6.5... WELL IT DID AND IT WAS VERY USEFUL! and NOW you have given me yet another reason to NOT use Sonicwall , another CON added to the list

    I could understand if you wanting to remove something from an existing production tunnel, you should have to down it to remove.. but to have to stop production tunnels to add objects, that I know are fully capable of doing in 6.5 is just ridiculous. I have to do this after hours or on weekends. like this weekend. So because we maintain our firewalls locally, accessing firewalls located hours away, we use the tunnels to access the firewalls, but if you have to bring the tunnel down.. NOW YOU CANNOT ACCESS THE FIREWALL!!! DUMB!!!!!!!!! SO before hand you have to enable X1 interface to accept logins , (creating a potential vulnerabilities ) access the fire wall from X1(public IP) , take the tunnel down.. add the address objects, bring the tunnel up, verify its up, now access the firewall via the tunnel (Private IP) , disable the x1 login abilities.. this is absolutely &^%^&#!!! stupid!! Sonicwall, you have created more unnecessary work

Answers

Sign In or Register to comment.