John_Lasersohn

Moderator
Default Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

John_Lasersohn Moderator

About

Username
John_Lasersohn
Joined
Visits
219
Last Active
Roles
Member
Points
203
Badges
9
About Me
Escalation Engineer, NGFW Premier Support

Badges (9)

100 Comments25 Likes5 Answers5 HelpfulsName DropperFirst Answer10 Comments5 LikesFirst Comment

Comments

  • @TKWITS - you are so right about this. There might be five or ten domains serving content for a top site like IG.
  • Yes, the 192.168.200.166 or its network must be in the SSLVPN Client Settings - Client Routes, AND be listed in the user's or user groups VPN Access. It will turn into a link when both are done correctly.
    in Log Comment by John_Lasersohn February 8
  • @djhurt1 - there are automatic routes created for every interface, from Source = Any, to their logical networks as destinations. They are set to use that interface and no gateway is needed. These route traffic between the directly connected networks on the firewall.
  • Hello @arjanlugtenberg - These defaults are really good choices and that is why they are on by default and cannot be globally disabled. You can change them on each access rule.
  • @BWC - I would gather the standard data set and open a case. the Log Monitor exports are really important. Please generate: 1) a tech support report from the SonicWALL's System > Diagnostic screen, including all checkboxes except Sensitive Keys, 2) an exported settings file from SonicWALL's System > Settings screen, 3)…
  • Hello @Alberto - This KB may help. https://www.sonicwall.com/support/knowledge-base/how-to-configure-log-automation-to-e-mail-log-categories-to-different-e-mail-addresses-respectively-in-sonicos/170503263420646/
  • Hello @LJ_TECH - this is the type of issue which is best solved in a support case. Let me give you some details about what data to gather from your firewall, which can be given to case owner for analysis. CLASSIC MODE Please generate: 1) a tech support report from the SonicWALL's System > Diagnostic screen, including all…
  • I have created Gen7-20776, a ticket for Engineering. Gen7 TZ: Duplicate strings w/ spaces in TI VPN Names cause UI glitch in choosing Interface in Next Hop for Routing Policies I learned that the actual interface parameter, which cannot be two, is set to the one, but the UI shows two chosen. The TSR shows only one…
  • @BWC - I have tested a clean boot of a recent release candidate and found the issue still exists. I am creating a must fix for release ticket for Engineering. "TI VPN Names and how duplicate strings in them can cause failures in choosing them as Next Hop in Routing Policies" ; more news on this in a few hours.
  • OK I understand now. I also found that the shared secret field didn't accept all ASCII characters like it should. I will check on the current release candidate and make sure it has fixes for both.
  • @BWC , If I understand you correctly, this replication means that our lab unit was taken through upgrades from an affected version. I'll try a clean boot on R906 to see if this happens.
  • Hello @scottkeen - It is always good to have a support case open for this sort of thing, and once you posted the case number, we can use it as a training exercise for the case owner, who will either find a solution or create a ticket for Engineering to fix it. and @shiprasahu93 can work with them, or I can, to make sure it…
  • I am delayed until next year.
  • Hello @BWC - I have seen some issues like that with the VPN pre-shared key fields not accepting spaces, so I will search for this one, which is a Tunnel Interface VPN / routing rule name issue. It may have already been found by QA. I hope to have info for you by tomorrow.
  • Hello @MichaelA - I just put one of our NSA firewalls on a cable modem at my home office for the first time, a new ISP for me. I first connected a PC, and then over a week later tried to get the FW WAN to get a lease. It did not, after an hour or two. I simply powered down the cable modem for 30 seconds, unplugged the WAN…