Arkwright Community Legend ✭✭✭✭✭
Comments
-
Setting up F&LB creates an entry at the bottom of the list of routing policies. It might say X1 because that's the line that F&LB has decided to use right now. Wouldn't it be great if it would use the Comment or Name fields on the routing policy to indicate that it is there because of F&LB?
-
It sounds like you are tunnelling all traffic over SSLVPN. I wouldn't run voice over SSLVPN. You either need to not tunnel all so Teams traffic doesn't go that way, or you need to not use SSLVPN if "tunnel all" is a hard requirement.
-
No consolation to you, but yours is the first post I've seen about 7.1.3 corrupting rules. I believe that 7.1.2 had this issue on upgrades and the fix was to restore the previously-saved config after upgrading to 7.1.2. If you use NSM then you can get a diff of the JSON config [which is almost unreadable anyway, even when…
-
Saw a similar issue recently with accessing Vodafone management portal. My guess is this is some security feature in a WAF product somewhere. Bug or not? I am not sure. Amusingly enough, this Sonicwall KB article implies that if other devices use sequence number randomisation, the Sonicwall might perceive it as a problem :)…
-
In that case, I don't think you can handle this with policy NAT on the firewall itself. There are a few ways to achieve this: You can have up to two Gateway IP [or FQDN] entries per "normal" site-site tunnel. Only one will be active at a time. You can have multiple active "tunnel-mode" tunnels, but only one IP or FQDN entry…
-
SSLVPN → LAN access rules?
-
This is because I also found similar port scan alerts (very few) for foreign servers coming from port 443. This looks like the response from a web server, right? Yes, I see a lot of this - port scans appearing to originate from what is obviously a "destination" port. I don't think SonicOS actually does anything proactive…
-
Obviously we didn't want to delete or alter any existing rules. Is it obvious?
-
"Create more than 7000 rules" is not an actual objective, that's just a side-effect of what you're trying to achieve. So what are you really trying to do? My intuition would be that if you need more than 7000 rules on a TZ400, whatever it is you're doing, you're doing it wrong.
-
Default LAN→WAN rules allow any service, so this will just work. You say "We" are getting it installed, rather than "I am installing it", so questions about configuration details are probably best answered by those doing the work.
-
What are you trying to do? Are you trying to translate the addresses of the traffic traversing the tunnel? Or are you trying to allow the tunnel to connect to/from multiple public IPs?
-
Searching the access rules for interface names isn't going to give you a full picture. Interfaces belong to Zones, so look at the zone→zone pair of rule-sets you're interested in, eg WAN→LAN, LAN→WAN, etc.
-
Check WAN>WAN access rules. Enabling management services on WAN interfaces creates rules there automatically.
-
By my current understanding, X1 and X2 should both have access to X0. That is not the out-of-the-box behaviour of WAN→LAN traffic. If that's how it behaves then you've configured it like that. In routing rules, X2 is defined as the gateway for the .200.0 subnet. This way traffic from it can't access the rest of the network…
-
I assume the firewall is expecting them on 500 and dropping them on 4500, or vice-versa. Are the payload packets inside the tunnel actually being dropped?