MarkD Cybersecurity Overlord ✭✭✭
Comments
-
SonicOS Packet flow in Global and Policy Mode
-
There IS routing in the VNET which will be pointing to the VNET gateway (or a pair of them technically) as the default gateway. In order to route traffic via the NSv to your chosen address range (address prefix) you have to create a route table specific to that VNET, with a next hop of a virtual appliance (AKA the NSv's X0…
-
That's an OLD OLD thread. Have you changed the routing within the VNET to route traffic to your on-prem via the NSv X0 interface? Azure virtual network traffic routing | Microsoft Learn
-
I would suggest starting with a packet capture
-
An HA firewall setup, although this is technically not HSRP/VRRP, which I think you are trying to describe. How to Configure High Availability (HA) | SonicWall
-
If there's already a VPN and there is no overlap, there is no need for any NAT configuration; the traffic is routed between 192.168.32.0/24 and 10.222.22.0/23. Not sure about overthinking it, may be overcomplicating a solution - if there are already DCs in that Main Office subnet
-
To expand on BWC - HTTP can be intercepted and the SonicWall block page shown; without DPI-SSL there is no "resigning certificate" to insert the block page. How to Configure Server DPI-SSL | SonicWall
-
Management access rule: LAN interface at 10.1.1.200, enable ping under the interface properties, which creates the rule.
-
Review your zones. "But from what I can tell, there is nothing that stops the X2 port from accessing… or the X0 port from accessing the X2 port" - there are zone rules: X2 WAN-LAN X0 and LAN X0 to WAN X2.
-
What are the best practices for wireless mesh network? | SonicWall
-
If the event is benign you can disable sending this event to the syslog. Device Log Settings: expand VPN / VPN IPSEC / ESP Drop, event ID 533 is populated; turn off the SYSLOG, it will still be logged in the GUI.
-
I think you have the use of Zones wrong. You talk about X1 and X2 as WAN Zones? And one is connected for wireless?? X2 (or the subnet on it, the 192.168.200.0 subnet).. WAN zones connect to the internet, i.e. it routes all traffic that is not pre-defined by routing rules or interface connectivity. How do zones work in SonicOS? |…
-
IKE UDP 500 is to start a connection, if during P1 negotiation the remote endpoint is behind a NAT device, this will move to UDP 4500. Is the remote endpoint behind a NAT device? Also your logs are from an external syslog collector and may not contain all the information.
-
UDP port 500 is for Internet Key Exchange (IKE). UDP port 4500 is for IPsec NAT-Traversal (NAT-T), i.e. the endpoint is behind a device performing NAT on the source address.