Comments

• Default LAN→WAN rules allow any service, so this will just work. You say "We" are getting it installed, rather than "I am installing it", so questions about configuration details are probably best answered by those doing the work.

  in OpenVPN client behind NSA 4700 Comment by Arkwright January 17
• What are you trying to do? Are you trying to translate the addresses of the traffic traversing the tunnel? Or are you trying to allow the tunnel to connect to/from multiple public IPs?

  in VPN NAT Question - Multiple Public IP address Comment by Arkwright January 17
• Searching the access rules for interfaces names isn't going to give you a full picture. Interfaces belong to Zones, so look at the zone→zone pair of rule-sets you're interested in, eg WAN→LAN, LAN→WAN, etc.

  in Allowing 2 different WAN interfaces to the same LAN interface Comment by Arkwright January 17
• Check WAN>WAN access rules. Enabling management services on WAN interfaces creates rules there automatically.

  in Sign in attempts on port 1443 & Port 22 Showing as Open Comment by Arkwright January 17
• By my current understanding, X1 and X2 should both have access to X0. That is not the out-of-the-box behaviour of WAN→LAN traffic. If that's how it behaves then you've configured it like that. in routing rules, X2 is defined as the gateway for the .200.0 subnet. This way traffic from it can't access the rest of the network…

  in Allowing 2 different WAN interfaces to the same LAN interface Comment by Arkwright January 16
• I assume the firewall is expecting them on 500 and dropping them on 4500, or vice-versa. Are the payload packets inside the tunnel actually being dropped?

  in DROP PACKET IPSEC Comment by Arkwright January 16
• Do you think the traffic should be allowed, or not?

  in DROP PACKET IPSEC Comment by Arkwright January 15
• You don't need to create any route policies in this scenario because all networks are directly connected to the firewall and routes to connected networks are created when the interface is configured. If X2 is a WAN interface then what you probably want is a port forward, as WAN interfaces are usually NATed. Maybe a little…

  in Allowing 2 different WAN interfaces to the same LAN interface Comment by Arkwright January 15
• You could try an explicit route ping probe, explore the options in there.

  in Use Network Monitor to ping across IPSEC vpn Comment by Arkwright January 15
• I don't think access rules on firewall itself will make any difference to firewall sending syslogs out of its own LAN interface. So don't worry about that. You could try a packet capture with Wireshark on your target server. Have you followed this?…

  in Syslog traffic being blocked Comment by Arkwright January 14
• Can you ping it?

  in 192.168.168.168 Comment by Arkwright January 14
• The annoying thing here is the false sense of certainty that the UI gives the user. The countdown timer is at best guesswork and at worst, total fiction!

  in Gen 7 reboot - what's up with the "device is still rebooting" messages? Comment by Arkwright January 13
• "grooming phase"…interesting use of language…I wouldn't admit to grooming anybody on the internet :D

  in SonicOS - which branch is still supported? Comment by Arkwright January 10
• Every new firmware version should get it's own thread in this forum, started by someone from Sonicwall.

  in SonicOS - which branch is still supported? Comment by Arkwright January 10
• IME the only supported version is the most recent one, because if you are running anything other than the latest, they will just tell you to upgrade. So no point raising a ticket if you're not on the latest.

  in SonicOS - which branch is still supported? Comment by Arkwright January 8
More Comments