Comments
-
Please upgrade to the latest @Chamil to reduce some variables. The version you are on had some issues with SSL VPN that caused it to stop working until a reboot. If it is still happening after the upgrade, open a support case with us to investigate this further.
-
@charlyu, are you on the latest version of the firewall firmware?
-
The one that is higher in order precedence
-
Servers should upgrade automatically in 3.6 without user login. Did this happen in 3.6.30 as well?
-
Do you only have 1 server source IP?
-
@MeNoRevs, is the issue still present in 10.2.1.1-19?
-
Content Filter Premium is usually better since web requests are more reliably categorized vs signatures that may require DPI-SSL for full effect. You should do both if you have the licensing.
-
@Manuel, are the two units deployed in the same resource group with the identity and permissions? Please see https://www.sonicwall.com/techdocs/pdf/nsv-series-on-azure-6-5-4-getting-started-guide.pdf on pages 16-20. It is on the older UI but the concepts are the same.
-
You should see the source address change. In this case, your filter is not going to show the source changing because you put a filter for the public IP. Can you packet capture on the AWS side?
-
There are many ways you can do this. If the MPLS networks are your WANs, you can set up WAN load balancing and failover. Use routing policies with probes that disable routes that fail the probe check. Set up S2S VPNs (if they are not WANs) across MPLS and use SD-WAN.
-
Either your packet capture isn't filtered correctly or your source NAT is not applying.
-
What Preston said is accurate.
-
The Remote server Public IP. Just make sure you have the correct routes in place on both sides to send traffic down the VPN tunnel (tunnel interface VPN is ideal here).
-
To something the AWS side will send back down the VPN to the SonicWall side (probably the X0 IP). Why is the original source the private IP? I thought you were NAT'ing all internet traffic inbound and it should be 'any'.
-
Change the translated source in your NAT rule.