MarkD Enthusiast ✭✭

Badges (6)

Reactions

0 Promote 4 Helpful 2 Like 0 Spam 0 Abuse

Comments

NSV inside Azure VNET, enable IKE NAT traversal on on both sides ( IPSEC VPN advanced) - use IKEV2 if possible The initial IKE message IKE_SA_INIT to port 500 will include the Payload (41) NAT _DETECTION_SOURCE_IP Payload (41) NAT _DETECTION_DESTINATION _IP it will then negotiate the NAT traversal In Azure you are behind a…

in Cannot establish IPSec Tunnel between remote site and NSv Comment by MarkD September 21
leave the firewall to be a firewall - BUT bandwidth limitation is per physical interface

in Going from a NSA2600 to a TZ640 with 3 switches Comment by MarkD August 21
no you cant on the sub interface only the physical.

in Per-vlan bandwidth limiting Comment by MarkD April 28
on the ISP router/modem

in While creating IPSec VPN between NSA4700 & Tz370, i am getting below error. Comment by MarkD April 24
create an address object for DNS server and add that to the VPN instead of the X0 subnet. you could always add rules afterwards

in Interesting VPN / DNS question Comment by MarkD March 23
So on your switch, you have your 2 access ports one on VLAN 2 connected to X0 and the other on VLAN 5 Connected to X1 and their native VLANS are configured?

in sonicwall / cisco switch Configuration ( 2 separate LAN networks using 2 different ports) Comment by MarkD February 28
maybe something to look at unless its already set.

in NSA2700 to TZ270 Tunnel Interface dropping SNMP Comment by MarkD October 2022
you may want to check out the Aruba Support pages for Instant on What are the ports that needs to be allowed on Firewall in order to bring up Aruba Instant ON APs? | Everything Instant On

in If anyone has deployed an Aruba Instant On Access Point (AP22) how was your firewall configured? Comment by MarkD October 2022
We always use the Windows NPS with the extension for Azure MFA with the push notification for approval.

in What do you use for a 2FA OTP email account to send the one time password for SSL VPN Comment by MarkD August 2022
https://www.sonicwall.com/techdocs/pdf/switch-administration_guide.pdf pages 47 and 48 cover Link aggregation and Port trunking.

in Link Aggregation (LACP) with Windows Server 2019 Comment by MarkD August 2022
You will need to add the specific route on the VNET in order to pass traffic back to via the NSV. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

in How do I access the Azure VM after I've vpn into the NSv via NetExtender? Comment by MarkD July 2022
I dont believe this is possible directly on the applicance, you may want to look at a third part product to alert. but you will still need to manually correlate to the relevant connection in order to terminate. https://www.fastvue.co/employee-internet-usage-reporting/#downloadtrials

in NSA 2650 - How to send alert/notification when users download file size exceed 100mb? Comment by MarkD July 2022
If I understand the VPN server you refer to is "out on the internet, external to your environment" Have you implemented Firewall rules that permit the VPN through the firewall? I'll make the assumption is an IPSEC VPN Here is the MS article Troubleshoot Always On VPN | Microsoft Docs specifically 809 points to UDP 500 and…

in TZ370 cannot join external VPN (IKEv2) from VLAN behind Firewall Comment by MarkD July 2022
I saw that "X1 IP" is defined as 192.168.1.30 looks like your ISP router is also doing NAT instead of having the X1 with a non RFC1918 address, you will also have to create the apporpriate NAT rules on the ISP router.

in Help redirecting port/service to LAN server Comment by MarkD June 2022
If these services use different WAN interfaces, create route and NAT policies to define the egress interface and NAT address

in How to manage internet traffic with two internet network in one firewall device - sonicwall nsa 3700 Comment by MarkD June 2022

More Comments