BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @B83 the Firewall isn't doing it by itself, you could check the TSR if there is any occurrence of 8.8.8.8 which gives you a hint where it's used. If it's not in the TSR then it must be generated externally, which you can find with a Packet Monitor looking for 8.8.8.8. My best guess would be that the DNS is configured to…
  • Enabling United States and Sweden did the trick, not sure if Singapore needs to be added as well, but it works without it. Needless to say that's nothing I really want, because allowing access from Countries we don't expect connections from is not helpful. —Michael@BWC
  • You're the admin of the SonicWall Firewall? Did you check the logs? If you're not the Admin, what did your Admin say about this? Does the message say "Tunnel Negotiation"? Because Navigation makes no sense here. —Michael@BWC
  • @CCAdmin just to avoid any confusion, there is a new Firmware 10.2.1.12 for SMA 100 Series, Firewall admins are still facing the issue. The HTTP DOS Settings is new and should do the trick, classic fail2ban. —Michael@BWC
  • @CHEOPSken do you have only Site to Site Tunnels or Tunnel Interfaces for Peers with static IP addresses? In that case you could limit the IKE Access Rules in WAN-to-WAN to a group of allowed Peers. Otherwise I'm not aware of a solution right away. —Michael@BWC
  • If you're getting the same log entries over and over again, frequency is a good way to reduce it if no details are needed. —Michael@BWC
    in SonicWall TZ 570 Comment by BWC April 24
  • 6.5.4.14 is currently the latest for Gen6. There will probably be another one soon. —Michael@BWC
  • It's unfortunate that there are no Release Notes linked with the Firmware. But it's the same version running on HES and it contains some fixes related to AV Engines. Official Release Notes are mandatory, IMHO. I'm running it myself without new issues and gave a green light for my customers to deploy it. —Michael@BWC
  • @KevinLynch there is no rule of thumb for that, it all depends how active your deployment is. You might select the longest time frame to show the logs and scroll down, this should give you an estimate how long the log lasts for your appliance. —Michael@BWC
    in SonicWall TZ 570 Comment by BWC April 22
  • @jayce you might add to your question what APs you like to associate and what Firmware you're running on your Firewall. Or do you like to manage them through WNM? —Michael@BWC
  • @KevinLynch I don't do much log automation via email, but my guess is that the log ring buffer gets filled up every few minutes and this causes the TZ to send out a new mail. —Michael@BWC
    in SonicWall TZ 570 Comment by BWC April 20
  • @CRISL I did no further digging on this topic, but IMHO it's not addressed by App Control or CFS, which is long overdue. The most simple solution I could think of is blocking TCP 443 (DoH) to known DoH resolvers, hoping to catch all relevant ones. You might block TCP 853 (DoT), UDP 8853 (DoQ) and UDP 443 (Quic) to ANY as…
  • Application Offloading is some form of reverse proxying which is only available on SonicWall SMA appliances, not via plain Firewall. OWA (and ActiveSync) is directly supported with SMA. If you specify an external bookmark on the Firewall the traffic between client and server (OWA) has to be accessible to the public and…
  • @DP8 if you believe the rating is not correct, report it for a review. —Michael@BWC
  • @Techlisalh that's the way it's implemented, because every request is "rewritten" by the Firewall when accessed via VirtualOffice. It's not comparable with Application Offloading which you might know from the SonicWall SMA, which would be probably a better solution for your demand. But even the SMA is handling HTTP…