Comments
-
If you are sending traffic down a tunnel you may need to source NAT the traffic too since the server on AWS will just route the public IP reply out its default gateway.
-
@stevmorr, you can check out the Capture Labs portal for news, CVEs, signatures and more.
-
You might have a rule higher up in the stack affecting the traffic. It's also possible there are IP spoofing/asymmetric routing issues. Can you take a packet capture and see what happens to the traffic?
-
The NAT policy should look the same as on-prem. https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-nat-policies-on-a-sonicwall-firewall/170505782921100/ Are you sure the X0 IP being the destination is correct in your access rule? Usually X1 is the WAN side.
-
The SWS14-24 cannot do 5GB, it will negotiate 1GB in this scenario.
-
Is it a business license like Exchange Online Plan 1/2? If so, yes, it can protect it, but only the email portion.
-
There may be another vendor or solution that is querying these domains. Can you track it down by enabling debugging on your internal DNS server or looking at the source IP of the requests if you don't have an internal DNS?
-
Yes it can auto-negotiate 2.5 Gb for your modem. If you have a switch that only supports 1/10, then it can only use 1GB, ideally your switch can support 5GB.
-
A static ARP entry may still be required if it is not a routed pool of IPs by the upstream device and requires ARP. Do both.
-
The 670 comes with a 32GB secondary module in place for long term storage. You can go ahead and enable it in the UI screen below. This way the secondary module will keep the logs for long term storage. The primary storage is ephemeral and has FIFO and will dump on reboot etc.
-
@T16, A/P in Azure will failover around 3-5 minutes. This is mainly on the Azure side since we have to use APIs to move the secondary interfaces between hosts. It does not work like hardware HA since Azure does not support multiple devices simultaneously having the same IP on the same subnet and failing over in…
-
@Kent, I highly recommend you use port redundancy instead of a PortShield or bridge for these scenarios where it is simply for HA, and the switches have a link to each other anyway.
-
@RyanH, this should be fixed in the release that just came out.
-
You can usually do a packet capture while you reproduce the issue and filter for any SNIs in the Client Hello (using something like Wireshark) to see the domains it attempted a connection to.
-
It is definitely possible; you can see in a packet capture if the traffic destined for those additional addresses is arriving at the firewall or not.