BWC

Cybersecurity Overlord ✭✭✭
Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

BWC Cybersecurity Overlord ✭✭✭

Badges (25)

4 Year Anniversary3 Year Anniversary250 Likes100 Answers100 Helpfuls2 Year Anniversary1,000 Comments50 Answers1 Year Anniversary500 Comments25 Answers100 Likes25 Helpfuls100 CommentsWork Out Loud5 Answers25 LikesFirst Answer10 Comments5 HelpfulsFirst Comment5 LikesPhotogenicName DropperEarly Adopter

Comments

  • @XChangingIT if you need to create tagged VLAN Interfaces it's described over here: If you leave the physical Interface Unassigned (not selecting any Zone) there will be no additional network (untagged VLAN). --Michael@BWC
  • @MartinMP I updated a TZ 670 a minute ago and I did not experienced the "Device registration needed". I updated with the current configuration, no factory reset. Was it fixed by a reboot or did you had to reenable (register) the trust with the backend? --Michael@BWC
  • @Simon_Weel DNS on the Firewall is just a resolver (proxy) not an authoritative DNS, therefore it cannot be used as a slave. --Michael@BWC
  • @lowrider no, it's really First match only. Please check the Admin Guide, on Page 97 there is a detailed description how CFS works. About the group membership, is it possible that one of the groups the user is a member of, is a member of block porn group by itself? This would mean that nested groups are possible. Or did…
  • @lowrider yes, First-Match means exactly that, combining Policies is not possible. Are you sure that the block is caused by the block policy for block porn? It might get triggered by the Default Policy if left enabled. --Michael@BWC
  • @lowrider CFS Policy is First-Match, you always have to build a complete Policy. If you block something in 1) it will not be allowed in 2) if a match already happened. I'am not sure about nested groups, IMHO it's not supported, you have to check at Monitor -> User Sessions -> Active Users and hover over the bubble to see…
  • @IT_Will_be_Fun great that you figured that out, the devil is always in the details. Happy NTPing :) --Michael@BWC
  • 7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC
  • 7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC
  • 7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC
  • @IT_Will_be_Fun did you checked the Value section of the packet monitor details? Was it dropped because of an Access Rule or something else? --Michael@BWC
  • If you're talking about CASS this might be helpful. --Michael@BWC
  • @Ramaswamy you might check this option: On the other hand you could configure SPAM submission addresses and your users forward the mail by themself. --Michael@BWC
  • @dbdan22 IMHO for WiFi Calling you only need to open UDP 500 and 4500 to the ePDG of your provider. If you allow ANY you should be golden. Ruckus listed 233.sub-141-207-229.myvzw.com and wo.vzwwo.com in their Profile for Verizon. There are some more information about 911 calls over here: --Michael@BWC
  • @temond the Rules should be more then sufficient (because they are very broad). The Interfaces X2 and X3 are connected to different switches or seperated by VLANs? Did you checked with the ARP cache of your SNWL if both IP addresses are listed here and therefore reachable from the Firewall? You mentioned that the Packet…