Arkwright All-Knowing Sage ✭✭✭✭
Comments
-
Have you tried IKEv2? IME, it "tries harder" to keep a VPN alive.
-
This is nothing to do with Zone configuration or access rules. This is going to be something more fundamental, like, you have the different L2 networks connected to each other somehow, so clients can end up with IPs in the wrong network. Are you seeing these client leases in the Sonicwall? i.e., are you sure it's actually…
-
Is there anything I can do? Start here: https://www.sonicwall.com/support/knowledge-base/what-are-dynamic-external-objects-groups-and-how-can-we-configure-it/200507105852280/ You can confirm the limits for your model of firewall. I want to confirm that the policy should be DENY Source Zone WAN, address DEAG from preceding,…
-
congratulations you just gave complete access to all your network & bypassed your FW for a potentially open WIFI ssid. Where are you getting this from?
-
I don't know about the Aruba side, but the Sonicwall side sounds good.
-
DNS search list. You need to add corporate.local to it so that clients know how to form DNS requests.
-
You can add multiple FQDN address objects to an address object group, and use this group in the WAN>WAN rule for SSLVPN services.
-
Thanks for this - in my opinion, literally every firmware release should have a dedicated topic in the forum.
-
I think to answer this question properly, you would need to explain what the purpose of setting things up like this would be. I will have a stab at it though. The "all other" firewall would be the default gateway for the internal networks. There would be a link between the "all-other" and VPN firewalls. The "all other"…
-
SonicOS doesn't do any type of L2 VPN, so VLAN tags on VPN tunnels are not relevant. All that matters is the source/destination IP address. If the destination network is on a VLAN subinterface, then it will be tagged on egress. NATing across a VPN tunnel is possible. Clearly it also needs to be natted so it can be routed.…
-
This is a client-side thing in the browser tools, not on the firewall. It will let you work out which page elements are failing to load, see their URLs/IPs and from there you can narrow down your search.
-
Look at the Network tab in web developer tools when the issue is occurring. See which page elements aren't loading.
-
If you want to get complicated then you need route-based VPN policies. What does "traffic being mixed on the core switch" really mean? If you don't want traffic from different networks on the same infrastructure, then you need separate infrastructure for it. But that means buying more hardware and maintaining more stuff.…
-
I can connect after a few days later. Maybe it is an ISP problem. There is no other explanation if it is behaving in the way you have described.
-
I don't know what the name for this is but the NAT policy needs to be bidirectional. The translated source needs to be the X1 IP, because the translated destination has to reply back to your firewall because the clients will not accept a response from a different IP than they were talking to. Having said that: If I do a…