Comments
-
A device has to have a gateway for layer-3 connections. You might be able to do some funky ARP bridging or something, but that's not how I'd do it.
-
Go to the diag page and enable "Bypass ARP processing on L2 bridge interfaces"
-
Mobile Connect... Do you have the SSL-VPN set up on the firewall? Do you have a proper certificate? Do you have the user you're trying to connect with in the SSLVPN group?
-
Yeah, you're right. Probably time to look at other vendors who do address object-export/import right on the firewall itself.
-
I just wish NSM had a simple way to copy address objects across firewalls. I only manage a dozen or so devices, but have HUNDREDS of address objects/groups that I have to manually set up on each device. It's why I bought NSM On-Prem, only to find out that it doesn't actually do something useful like being able to copy…
-
Global has a few dozen countries listed, and inbound only needs to be from our local area, so limiting to the US was the best course. In fact, Global has France listed, which we sometimes need outbound access to, but would never need an inbound connection. You're absolutely correct, my bad. Firmware 7.0.1-5111 and now…
-
Inbound access rule is set to USA only, but the SBC had loads of connection attempts from other countries, verified on the SonicWall itself when looking up the IPs via "Diagnostics" in the Geo-IP filter settings sub page. I do have "Drop TCP handshake originating from blocked Country" already checked.
-
My 2700s in HA work without using X0. I use x16 for LAN, and then x18 is dedicated to HA tasks (has the two dots for "direct CPU access"). It works great, and I haven't had an issue with it. My x0 still has the default IP assigned, and isn't connected physically to anything at all.
-
The Cisco CBS (Cisco Business Series), which was initially named Catalyst 1000 series, is what I've been moving to. Definitely not Ubiquiti cheap, but reasonably affordable (big picture-wise), and their official storefront is via Amazon. So far I haven't had any issues getting anything. (Fingers crossed).
-
@Arkwright I am not using x0. I read that when I first set it up, but other resources said that using x0 wasn't a necessity since you can choose your HA data+management interfaces. Yes, the single WAN switch is a single point of failure for now, but the reason I went with the model I did is because they do stack. The second…
-
Right, but that could just be one device that randomizes its MAC address every time it connects to the network.
-
@RTTCV What do you do about nearly all modern phones/tablets generating a random MAC every time they connect to a network?
-
Ugh. Here all these years with SonicWall I just thought I couldn't find it. Good to know that it doesn't exist so we can figure something else out.
-
What is the point of adding the UDM? If you're just looking for a UNIFI controller, there's way better ways to accomplish that.
-
Yes. Purchase the NSv firewall license(s) and set one up. For whatever reason, there's no NFR zero-cost virtual firewall like EVERY OTHER BRAND offers.