BWC Cybersecurity Overlord ✭✭✭
Comments
-
@ygorsm this discussion came up in the past a couple of times in different contexts. It's only possible to have one concurrent authenticated session from the same source IP, no matter if it's Web, SSO, SSL-VPN etc. The only exception is SSO through TSA, but this does not count here. Sorry that I have to be the bearer of…
-
Looks good to me if Tapart(22) is tcp/22. —Michael@BWC
-
Correct, the upstream firewall has to forward the traffic first. NAT SRC-ORIG: Address Group of authorized public IPs SRC-Translated: Original DEST-ORIG: X1 IP DEST-Translated: internal host which runs SSH Server SVC-ORIG: SSH SVC-Translated: Original Access Rule SRC: Address Group of authorized public IPs DEST: X1 IP…
-
Your SNWL does not see the public IP 62.xx.xx.195, you have to use 172.21.5.1 as Original Destination for your NAT and Access Rule, Translated Destination is your internal IP. But this only works if the router is natting 62.xx.xx.xx.195 to 172.21.5.1 in the first place. —Michael@BWC
-
I don't know at which point in the Packet Flow the Port Scan detection is executed, but it might be before the Access Rules. Did you export a TSR and search for the UUID? This will give you the information on what the UUID points to. —Michael@BWC
-
What is the netmask of your X1 interface and are all of the public IPs within the same subnet? Did you try the suggested NAT rule, it might be enough already. If not it might be necessary to do a static ARP binding for the additional IP on your X1 interface. There is no need to create additional WAN interfaces.…
-
@dc500 IMHO, don't waste any time with the onboard certificate management on the Firewall. Get yourself familiar with a tool like XCA (https://www.hohnstaedt.de/xca/) and do your Key/Cert Management in there. You can import/export as you like. It's mostly Drag&Drop from that point on. I'm using it daily and recommend it to…
-
@emilward how do the 5 public IPs get assigned to X1? As /28 on X1 or via Routing through an upstream CPE? Either way, it should be sufficient to create a NAT rule to hide X2 behind one of the additional IPs: SRC-Orig: X2 subnet SRC-Translated: Address Object holding one of the 5 IPs, Zone WAN DST-Orig: Any DST-Translated:…
-
@jst3751 good that there is a HF available, it would be great to know what the underlying issue is and why I don't face it on my appliance for example. But we'll probably never get this information. —Michael@BWC
-
Hi @Bogale thanks for info, but I ticked all the checkmarks for the reasons already. We have a SMA with 2 Cores and 8 GB of RAM, it only happens if I enable one of these two Exchange offloads, all other Portals are not involved and should be a target for a possible DOS as well. Firmware as mentioned is 10.2.1.14. What do…
-
@David W thanks, I thought we tackled SMA issues in the past, but I guess I confused you with Vijay for some reason, sorry. —Michael@BWC
-
@Sachingorde I reported my current issue with SonicPlatform to Customer Support in (because it's not product related) and the Ticket got closed somewhat immediately with the remark: We have reviewed your case, and this is best addressed by Technical Support rather than Customer Service. You may provide the serial number in…
-
@AKO you might get in touch with support. For my customers I saved the old files in case of a re-deployment. Hopefully the files are available upon request from support, otherwise you're doomed. —Michael@BWC
-
Well, it comes down to "hey, it's me, the ESA for mail.domain.com and here is the cert to prove it". What the sender is doing with that information is not foreseeable, it can be ignored and any cert would have worked or it could be enforced by matching names, validity etc. Using DANE (something ESA isn't capable of) is also…
-
@djhurt1 the cert for SMTP is used only on the server side when receiving mails, not involved in the sending part. If you're familiar with postfix you might have used the smtpd_tls and smtp_tls directives, which are for receiving and sending, but even in postfix smtp_tls_cert_file for sending is rarely used because the…