Comments
-
I know that this is a different topic, but is there a way to restart on a TZ670 the SSL VPN services? I had a issue with the SSL VPN, users couldn't log to it, they were getting an error about the "Server can't be reached", I had to restart the SONICWALL.
-
Hello Ajishlal, Hope that you're well. I had to talk with the ISP, they were the ones that told me that for the second subnet to be routed for my first subnet I had to enable ping. Also we're using CLOUDFLARE, to help with the DDOS attacks and other issues that might arise.
-
We can close this topic. For the routing to be made I had to enable ping on the WAN port. After that, I don't even need anything from this KB, just the NATs and the ACLs
-
I started a packet capture, but I'm not seeing any IP from the secondary subnet that the ISP provided.
-
Is it possible for the ISP to be forwarding those IPs to the MAC of my old firwalls? And that's why this one isn't working? 🤔
-
No luck, but the rules were working, if I change the rules to match the IP that I've configured on the x1 interface it works.
-
I did it manually. Ok, I'll try it.
-
Hello MasterRoshi, Just did it, no luck. :(
-
Hello Master, I hope that you're doing well. Ok so here is the static arp, the IP address is the IP from the range of IPs that the ISP gave me. Grabbing the example that I gave, I have a range from 10.0.0.5 to 10.0.0.10, and lets say that this IP is 10.0.0.8 This is the access rule: The IP is 10.0.0.8 and I added the port…
-
Shiprasahu93, do you have any other idea on how I can do it? Thank you! :)
-
Hello, today I tried it, didn't work. As example: I have a range of IPs from (IPs are not the real ones) 10.0.0.5 to 10.0.0.10 So what I did was, create a range with those IPs and add the route as explained in the KB. Created both Access rule and NAT police as the KB. And added the IP 10.0.0.5 to the Static arp and…
-
Ok, so I need to configure the ARP with one of the IPs that the ISP gave me and create the route, after that the NATs that I have should work fine? Does the subnet mask matters? Because the ISP didn't gave me any, they only sent me the IPs.
-
Yes, they are in a different subnet from my WAN IP. But should I add to the ARP the IPs or should I add an IP that belongs to the same subnet as those ALIASES IPs?
-
I saw that KB before, but It says that I should add an IP that belongs to the other IPs subnets and not the IP that I want to NAT to the internal server. It will be hard for me to test this out, as this will cause some services to stop.
-
Maybe I'm not explaining myself correctly. What I need is this: User A uses a laptop that belongs to the enterprise, laptop is also a domain joined machine. User A takes the laptop home to work from home. From home, for this user to be able to surf the internet, he would need to use the SSL VPN software to connect via SSL…