MarkD Cybersecurity Overlord ✭✭✭
Comments
-
Management access rule: LAN interface at 10.1.1.200. Enable ping under the interface properties; that creates the rule.
-
Review your zones. "But from what I can tell, there is nothing that stops the X2 port from accessing… or the X0 port from accessing the X2 port" There are zone rules: X2 WAN-LAN X0 and LAN X0 to WAN X2.
-
What are the best practices for wireless mesh network? | SonicWall
-
If the event is benign, you can disable sending this event to the syslog. Device Log Settings: expand VPN/VPN IPSEC/ESP Drop, the event ID 533 is populated; turn off the SYSLOG. It will still be logged in the GUI.
-
I think you have the use of Zones wrong. You talk about X1 and X2 as WAN Zones? And one is connected for wireless?? X2 (or the subnet on it, the 192.168.200.0 subnet).. WAN zones connect to the internet, i.e. it routes all traffic that is not pre-defined by routing rules or interface connectivity. How do zones work in SonicOS? |…
-
IKE UDP 500 is to start a connection; if during P1 negotiation the remote endpoint is behind a NAT device, this will move to UDP 4500. Is the remote endpoint behind a NAT device? Also, your logs are from an external syslog collector and may not contain all the information.
-
UDP port 500 is for Internet Key Exchange (IKE). UDP port 4500 is for IPSec NAT-Traversal (NAT-T), i.e. the endpoint is behind a device performing NAT on the source address.
-
No, the internal GUI under Device/Diagnostic/GEO and Botnet gives less information.
-
You won't see the make/model of the SFP - it may be buried somewhere in a techsupport dump, but I've never been able to find a reference.
-
You can use the botnet lookup to confirm if SonicWall has it in their database. A check on the first, 146.19.125.15, shows it is. The address is also listed on Abuse IP: 146.19.125.15 | TECHNOX INTERNET TEKNOLOJILERI | AbuseIPDB. And bl.mailspike.net Mailspike Blacklist: Listed; sbl.spamhaus.org Spamhaus SBL: Listed…
-
Double check the compatibility of the module - you could be looking at a failing SFP, especially being 10 years old. Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series | SonicWall
-
Review your logs
-
If you don't need to see the event in the SIEM, disable log inform level events to your for ID 1153. Or restrict access to the SSL VPN endpoint with GeoIP blocking; you are probably logging attacks.
-
There won't be any ARP or MAC address, but as Arkwright says, can you poll the upstream router via the diagnostic ping and specify the interface?
-
I could be wrong, but I would have thought it would be PPPoE per VLAN, not on the physical interface.