Comments

• Hopefully I'am not mistaken, but I believe Cipher Control does not affect SSL-VPN, only DPI-SSL, SSL Control and Management. I checked on a 6.5.4.15 deployment and 3DES wasn't returned for me. | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A |…

  in SWEET 32 Vulnerability Comment by BWC January 2
• @shwazh what Firmware version you're running on your Firewall? —Michael@BWC

  in SWEET 32 Vulnerability Comment by BWC January 2
• Fortinet is way ahead in some areas, but the amount of CVEs Fortinet products are creating is way higher than with SonicWall. Maybe FTNT is a more profitable target, dunno. —Michael@BWC

  in Interesting articles on the exposure posed by the SSLVPN vulnerability in SonicWall firewalls Comment by BWC January 1
• You need to setup SSO to have your Firewall identify each user behind your LAN IPs. Usergroup Everyone should work in the CFS Policy for Included users. Use this guide for orientation —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• I'am glad that you found the final needle in the haystack and I was able to guide you through it. Take care and have a great start into 2025. —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• Did you checked the following? Keep in mind that QUIC will not be checked against CFS and therefore not visible in Web Activity. You can force HTTP2 by dropping all udp/443 traffic from ANY to WAN. —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• We're getting close, any hits on these CFS Rules? Did you checked in your Content Filter Actions Objects that "Enable Flow Reporting" is configured. —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• Please check Policy → Rules and Policies → Content Filter Rules that the is a rule enabled and if the Hit Count statistics show any hits. —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• @Xingfeng I hardly doubt that SNWL will put any effort in supporting outdated Android releases. I can understand the demand, but using an OS without any current security update is more than risky. —Michael@BWC

  in SonicWall Mobile Connect newest version can support Android10? Comment by BWC December 2024
• Do you have the Content Filter Rule enabled as well? HTTPS traffic might be not visible without Client DPI-SSL enabled. —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• @SebastianS I'am running the same release on my TZ 670 and did not see this. Is it always the same devices that does not show up after a while? Does it happen after the Lease expires? —Michael@BWC

  in Current DHCP leases tab not showing all active leases (SonicOS 7.1.2) Comment by BWC December 2024
• @alijan125 do you have CFS (with DPI-SSL) enabled? Otherwise Web Activity will be left blank, even if App Flow is enabled. —Michael@BWC

  in Unable to monitor Web Activity Comment by BWC December 2024
• It's just a hunch, but I assume you're trying to migrate from a Sophos to a SonicWall firewall? The Release Notes do not show any details about which Sophos versions are supported, but there was an Issue ID mentioned, which should be addressed with Support. DEVT-3102 —Michael@BWC

  in Migration from Sophos XG "Failed to upload configuration file." Comment by BWC December 2024
• Not many people using Sonicwaves 😎 —Michael@BWC

  in Steering with 1 SSID and dedicated 2.4 for another SSID Comment by BWC December 2024
• Hmmm, that might be no coincidence that your Phase 2 lifetime has the exact value when the problem occurs. It could be either that both sides are not in sync with their time settings or maybe the multi proposal offering of your Splicecom connection is causing trouble when rekeying P2. It does not having trouble for the…

  in IPSec VPN keeps dropping after 60 minutes. Comment by BWC December 2024
More Comments