Comments
-
OSPF to Dell S5224-ON switches. OSPF to Cisco ISR Routers. I stabilized the OSPF IPv4 relationship between NSa3700 and Cisco ISR4431 and ISR4331 routers by dropping "ip ospf mtu-ignore" in the SonicWall and in the Cisco ISR router. OSPF to Dell S5224F-ON Routers. I stabilized the OSPF IPv4 relationship between NSa3700 and…
-
An OSPF issue appeared when updated another SonicWall pair to SonicOS 7.1.1-7047-R5557. After the upgrade, the SonicOS would not form a relationship with the OSPF DR and BDR. The OSPF DR and BDR routers were constantly in a EXCHANGE/DROTHER state. 10.1.xxx.xx 1 EXCHANGE/DROTHER00:00:31 192.168.xxx.xx GigabitEthernet0/0/1…
-
Thanks, Preston. The IP Spoof appears only when the SonicWall stops routing correctly. Your comment may lead to a diagnostic. If I can get to the SonicWall during an episode, I can turn of Spoof testing. If traffic resumes, the routing is good and the Spoof test is broken. Next week, I will try some tests to see if I can…
-
Thank you, TKWITS, You wrote some good suggestions. I am letting the Secondary system run now. As you suggested, it is a way to separate a hardware error vs. a software. I also chased a routing error on the other SonicWall pair (we have 2 pair). Rebooting/failing over solved the issue. I checked the Version 7 release…
-
Thank you for the URL. I had looked a few days ago and did not see the specific cables that worked for the 3650. The cables are FS Direct Attach Cable 7m(23ft) 10G SFP+ Passive Direct Attach Copper Twinax Cable Compatible Brand DE, P/N: SFPP-PC07 I was delayed in responding since I was chasing unusual routing issues in the…
-
I manage multiple sites in a hub and spoke arrangement. Each remote site has an IPSec connection to the main SonicWall. Each remote SonicWall has the WAN interface, X1, configured to allow HTTPS Management ONLY FROM the public IP address of the main SonicWall. So management is done from inside the company at the main site…
-
I have implemented the suggestion, above, for a NSa3650 pair. snmpget -c password -v 2c IPofSonicWall iso.3.6.1.4.1.8741.2.1.1.2.0 iso.3.6.1.4.1.8741.2.1.1.2.0 = STRING: "A1B2C3D4E5F6" The snmpget command, above returns the serial number of the SonicWall. The response is shown after the query. I compare the string to the…
-
The solution is to specify the second LDAP server as a backup server. Here is the text from Technical Support In regards to your questions, the error you are getting is expected. A secondary LDAP refers to a separate domain where authentication will also be done and in most cases will work in together with Authentication…
-
Thank you, TKWIRA. The error message is identical via the web interface or via the ssh interface. % Error: LDAP user domain: Domain mycompany.com on server 2.3.4.5 is already set on server 1.2.3.4. Good Question. I tried to see if the ssh interface worked differently vs. the web interface. Both are the same. Greg
-
Thank you, TKWITS and NEVYADITHA for your responses. I am specifying the second server as secondary. The GUI allows only one interface to be specified as Primary. Also, Allow Referrals is set. To check my work, I have made the "user ldap" configuration of the TZ300W identical to the working NSA3650 configuration. The…
-
A few items come to mind Spanning Tree root for vlan 615. Assuming that the NS 2600 is connected to a switch fabric, assure that the spanning tree root for vlan 615 is on the switch that is directly connected to the SonicWall. If the spanning tree root is on the wrong switch, it will affect performance. CPU load. Look at…
-
Thank you, Larry Both of your comments have been dead on. The licensing is for NSM on my devices. When I started NSM, the popup indicated that migration was in the future, so I continued down the path to NSM 1.7. As it turns out, this advice is misleading. If I was managing hundreds of devices, I would have SonicWall…
-
Larry, Thank you for your note. I recognize the two articles. I went through them and they led me to Manage -- Appliance -- Base Settings -- Advanced Management "Enable management using GMS". Through the articles, I saw the new rules for GMS and the addition to SYSLOG. I even see a syslog heartbeat to GMS on one system.…
-
Thank you SARAVANAN for noticing my oversight. You are right, the NAT should be SOURCE on instance and DESTINATION on the other. Thank you, TKWITS, for your note. The BEST solution is to apply for an ASN and acquire a /44 network from ARIN. BGP would be used to advertise the network, appropriately, at each SonicWall…
-
The fault is related to Dynamic Botnet List. It is a known error, issue ID: GEN6-2190. The simplest fix is to Clear/Disable "Enable Dynamic Botnet List". Version 6.5.4.7-83n appears to be stable with the botnet download turned off. This is for a custom botnet download. The SonicWall continues to check addresses against the…