Arkwright Community Legend ✭✭✭✭✭
Comments
-
DurableDNS is another one.
-
Everything on the internet will have a source MAC address of your WAN router. So no, this is not a viable approach.
-
This will be in the associated MySonicwall account. Did you get the details for that?
-
"It looks like failover isn't a common thing?" Not sure what you mean, I've suggested a commercial off-the-shelf solution, little to no development required on your part. I assume there will be other DNS services with similar probe systems available.
-
Amazon AWS Route 53 DNS with a probe ["Health Check"] on some TCP service. You can either do active/standby failover like this or load balance by weighting the DNS entries.
-
It's annoying, GVC is much better performing than SSLVPN, but Sonicwall have lost interest in developing GVC, so we struggle along with SSLVPN.
-
The UUID will be that of the access rule in question. The UUID should not change once the rule has been created; if all your automation does is add/remove IPs to a group which is used by a rule, then all you need to do is learn the UUIDs of the rules you're interested in. If you are lucky, there might be an API method to…
-
"X1 is only using one IP so I suppose I would have to add another interface for another WAN IP; which is fine, if that makes things easier" No need. Create a specific NAT policy which translates the source IP for the network you want to distinguish. See BWC's first post.
-
My CATP reports are still working with today's catches.
-
"So just to clarify the rest of this - there's no point in getting a 3 year SSL certificate and reissuing the public key annually, should just be creating a new cert every year?" So long as you are rotating the private key regularly, it doesn't matter if you do it by creating a CSR on the firewall and importing the resulting…
-
I am not talking about the DN/CN/SAN, I am talking about the "name" of the certificate on the Sonicwall [the "Certificate" field here]:
-
If you still have the private key then you can assemble them all into a PKCS#12 file which you can import into the firewall BUT it's not good practice to keep reusing the same private key! You need to use a slightly different name for your new CSR, I usually put in the year I'm requesting it.
-
That's interesting, I have never seen, in a packet capture, a packet being both allowed and dropped. It really does look like the same packet, same 4-tuple. What is uuid="00000000-0000-0003-0700-2cb8ed8fb59c"? I assume that's an access rule? Export a TSR and search for that UUID, that should show what this is. As to your…
-
So long as you have some way of distinguishing the VOIP traffic so that you can apply a BWM rule to it then you're good. Voice VLAN is good practice anyway.
-
This is working today!