Comments
-
Bumping this up as it appears it is still happening. Access rule has USA as only listed allowed country, but getting hammered from UK, Canada, France, and more... When I look up the IPs in Diganostics sub-tab of Geo-IP settings, each country seemingly is correct, aligned with a lookup on arin.net Now on version SonicOS…
-
depends on: -speed of your internet pipe at each location -QoS settings -amount of users at each location -security services used at each location/on each firewall (all of the above come into play for each firewall's load) I don't think I've tested from a TZ to TZ in a long time, but with 1gbps/1gpbs DIA fiber at all…
-
What are your UDP timeout settings? You might need to increase those. Any insight as to what PBX & endpoint you're working with? That may help.
-
Do you have mDNS enabled between the vLANs? I don't know for sure if it's even possible with both of them being in the same zone. You may need to have one of those vLANs set to something different (even if trusted equally/same settings are used)
-
did you create a rule to allow LAN->SSLVPN ?
-
@CROVERT This will be the case for ALL Windows software that's not meant for ARM CPUs, or "Windows RT". Basically, if it doesn't come from the Microsoft Store, it won't work in your Mac-hosted VM. My suggestion would be to use a Windows laptop instead of the Macbook if you need to run Windows Applications, or carry two…
-
For "disable group VPN management", disable HTTPS/HTTP/SNMP management for the "WANGroupVPN" under Network/IPSecVPN/WANGroupVPN. You may also need to do that for "WLANGroupVPN" Unless it means to completely disable GroupVPN, which in that case- migrate any VPN users to SSLVPN and disable it with the switch on the IPSEC…
-
A device has to have a gateway for layer-3 connections. You might be able to do some funky ARP bridging or something, but that's not how I'd do it.
-
Go to the diag page and enable "Bypass ARP processing on L2 bridge interfaces"
-
Mobile Connect... Do you have the SSL-VPN setup on the firewall? Do you have a proper certificate? Do you have the user you're trying to connect with in the SSLVPN group?
-
Yeah, you're right. Probably time to look at other vendors who do address object-export/import right on the firewall itself.
-
I just wish NSM had a simple way to copy address objects across firewalls. I only manage a dozen or so devices, but have HUNDREDS of address objects/groups that I have to manually setup on each device. It's why I bought NSM On-Prem, only to find out that it doesn't actually do something useful like being able to copy…
-
Global has a few dozen countries listed, and inbound only needs to be from our local area, so limiting to the US was the best course. in fact, Global has France listed, which we sometimes need outbound access to, but would never need an inbound connection. You're absolutely correct, my bad. Firmware 7.0.1-5111 and now…
-
Inbound access rule is set to USA only, but the SBC had loads of connection attempts from other countries, verified on the SonicWall itself when looking up the IPs via "Diagnostics" in the Geo-IP filter settings sub page. I do have "Drop TCP handshake originating from blocked Country" already checked.
-
My 2700s in HA work without using X0. I use x16 for LAN, and then x18 is dedicated to HA tasks (has the two dots for "direct CPU access". It works great, and I haven't had an issue with it. My x0 still has the default IP assigned, and isn't connected physically to anything at all.