Comments
-
Sounds like either the WeWork upstream firewall or ISP is touching the ESP traffic. Hopefully they don't have ESP ALG enabled (ugh) because it sounds like when you are manually renegotiating the tunnel and the SPI's change, this issue starts.
-
900 is just the redundancy interval. Can you confirm that the event actually triggered in the local UI logs?
-
Have you used NSM Analytics?
-
Not currently supported. The only place the supports auth is the botnet custom list. You could potentially make a IP whitelist. Reach our to your account manager to open a feature request.
-
@MPan, can't you take a pcap on both ends of the tunnel with "Monitor intermediate IPsec traffic" enabled and see if the ESP/ICMP packet that leaves site A arrives at Site B and vice versa? Pretty simple way to conclude if SNWL is at fault here. You will see missing sequence numbers for ICMP/ESP if the ISP is at fault.…
-
@harriskim25, please reach out to your local sonicwall account manager and discuss professional services options.
-
Are you using policy or tunnel based VPN's? Either way it should work but the requirements differ a bit. My immediate guess is that you don't have a VPN -> VPN rule at the Main site.
-
Provisioning profiles are usually for SonicWaves. Internal wireless like the TZ 370W is configured in a different section of the UI.
-
Please open a case on this and provide these screenshots and a HAR file from your browser debug while reproducing it.
-
Make sure flow reporting is enabled on your action object as well.
-
Do you have a content filtering policy applied to everyone? We show the websites visited even for 'unknown'.
-
@SWuservpn , did you enable DPI or DPI-SSL? You have to import certificates for DPI-SSL or you will get certificate errors. This is in the wrong forum since it is a firewall question.
-
Group is possible. https://www.sonicwall.com/support/knowledge-base/how-to-set-unique-groups/170502399124291/
-
If you are the product owner, you can contact the customer service team at SonicWall to take ownership of the device in your own MySonicWall.
-
Installing on mobile is possible but usually mobile devices are BYOD and are not subject to DPI-SSL (in their own networks). If you have corporate mobile devices you should be able to push the certificate using your central management tool.