Arkwright All-Knowing Sage ✭✭✭✭
Comments
-
Will this work, with the only change being instead of just management being available from the 2nd subnet, we want all traffic, as well as Internet access, by changing it to "All" for the service? Have you tried?
-
The player trying to send multicast packets will not be how it reaches the internet, so that is a red herring. Filter your capture to "dropped packets only", filter out multicast destination IPs and try again.
-
Yes, you can use the SFP+ interfaces for LAN, WAN or whatever you choose. Actual throughput you will get depends on many variables and is difficult to predict. I think we can say that NSA2700 will be faster than TZ370.
-
It depends what "inactivity" means. If it means "no packets at all across VPN connection" then the problem you will have is that there is constant background noise of traffic there, even if the user is doing nothing, especially if their DNS traffic is going across VPN. But 5000 hours = 30 weeks. It's more likely that this…
-
"Only" 900Mbps? You will only ever get 940Mbps TCP/IP throughput with 1Gbps ethernet anyway, so they're not missing out on much. Yes, you can use the SFP+ interfaces for LAN, WAN or whatever you choose.
-
It deleted my pre-upgrade backup and now it's not letting me downgrade. Saving a local copy of a backup should be part of everybody's firmware upgrade routine.
-
Have you tried IKEv2? IME, it "tries harder" to keep a VPN alive.
-
This is nothing to do with Zone configuration or access rules. This is going to be something more fundamental, like, you have the different L2 networks connected to each other somehow, so clients can end up with IPs in the wrong network. Are you seeing these client leases in the Sonicwall? i.e., are you sure it's actually…
-
Is there anything I can do? Start here: https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/ You can confirm the limits for your model of firewall. I want to confirm that the policy should be DENY Source Zone WAN, address DEAG from preceding,…
-
Congratulations, you just gave complete access to all your network & bypassed your FW for a potentially open WIFI SSID. Where are you getting this from?
-
I don't know about the Aruba side, but the Sonicwall side sounds good.
-
DNS search list. You need to add corporate.local to it so that clients know how to form DNS requests.
-
You can add multiple FQDN address objects to an address object group, and use this group in the WAN>WAN rule for SSLVPN services.
-
Thanks for this - in my opinion, literally every firmware release should have a dedicated topic in the forum.
-
I think to answer this question properly, you would need to explain what the purpose of setting things up like this would be. I will have a stab at it though. The "all other" firewall would be the default gateway for the internal networks. There would be a link between the "all-other" and VPN firewalls. The "all other"…