Comments

• @IT_Will_be_Fun great that you figured that out, the devil is always in the details. Happy NTPing :) --Michael@BWC

  in 123/UDP you shall not pass Comment by BWC March 13
• 7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC

  in 7.1 firmware.....nearly unusable Comment by BWC March 13
• 7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC

  in SonicOS 7.1 finally arrived Comment by BWC March 13
• 7.1.1-7051 got released and seems to address a lot of the reported issues. --Michael@BWC

  in Cannot access SSLvpn Portal since 7.1.1 update Comment by BWC March 13
• @IT_Will_be_Fun did you checked the Value section of the packet monitor details? Was it dropped because of an Access Rule or something else? --Michael@BWC

  in 123/UDP you shall not pass Comment by BWC March 13
• If you're talking about CASS this might be helpful. --Michael@BWC

  in Spam email sample Comment by BWC March 11
• @Ramaswamy you might check this option: On the other hand you could configure SPAM submission addresses and your users forward the mail by themself. --Michael@BWC

  in Spam email sample Comment by BWC March 11
• @dbdan22 IMHO for WiFi Calling you only need to open UDP 500 and 4500 to the ePDG of your provider. If you allow ANY you should be golden. Ruckus listed 233.sub-141-207-229.myvzw.com and wo.vzwwo.com in their Profile for Verizon. There are some more information about 911 calls over here: --Michael@BWC

  in Verizon cell phone not working with TZ470 Comment by BWC March 8
• @temond the Rules should be more then sufficient (because they are very broad). The Interfaces X2 and X3 are connected to different switches or seperated by VLANs? Did you checked with the ARP cache of your SNWL if both IP addresses are listed here and therefore reachable from the Firewall? You mentioned that the Packet…

  in Get 2 subnets to communicate with 2 different interfaces Comment by BWC March 8
• @temond delete your Routes, they are not necessary and probably the cause of the IP Spoof Detection. Subnet Routing is alway included :) It comes all to the Access Rules Zone-X2 to Zone -X3 and vice versa. --Michael@BWC

  in Get 2 subnets to communicate with 2 different interfaces Comment by BWC March 7
• @rmori I'am not aware of any OID which provides this information, you might have a look into multi-step Webintegrations and gather the data via API (if provided). I never did this before but that would be my first approach. --Michael@BWC

  in Monitor SNMP license expiration Comment by BWC March 7
• DNS Security needs to be licensed from 7.1 and up. It's part of APSS and noone could tell me the SKU for extending EPSS. IMHO the Label Maintenance Relese is misleading, because 7.1.1-7040 was a Feature Release (or Early Release?) and only due to a huge vulnerabilty it became MR. Best Firmware for Gen7 is 7.0.1-5145, IMHO.…

  in Dropped by DNS sinkhole.Domain Comment by BWC March 6
• @blue that's interesting, it might be a Sonicwall Newsletter which hit Mandrilapp in the past 😂 I guess you can't modify any settings for DNS security without the valid license? Was it enabled before upgrading to 7.1.1? Did you checked the configuration via CLI, maybe the upgrade messed things up and you need to disable it…

  in Dropped by DNS sinkhole.Domain Comment by BWC March 6
• @mike_bluetabs this might be what you're looking for: You cannot change the scope of these predefined Groups, just make sure your custom Group is a member to the Group which fits best for you. --Michael@BWC

  in Assign Management Privileges to Local User Group Sonicwall TZ400 Comment by BWC March 6
• @dp8 I'am connecting to a Gen6 device with TLS 1.2, it might be related to some changes in the Firmware, you should upgrade to 6.5.4.13. TLS 1.1 is deprecated, you can check with your browser what is getting negotiated. There is an option to disable TLS 1.1 (recommended). --Michael@BWC

  in Which TLS Version is prefarable ? Comment by BWC March 6
More Comments