Comments
-
The NAT policy should look the same as on-prem. https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-nat-policies-on-a-sonicwall-firewall/170505782921100/ Are you sure the X0 IP being the destination is correct in your access rule? Usually X1 is the WAN side.
-
The SWS14-24 cannot do 5GB, it will negotiate 1GB in this scenario.
-
There may be another vendor or solution that is querying these domains. Can you track it down by enabling debugging on your internal DNS server or looking at the source IP of the requests if you don't have an internal DNS?
-
Yes it can auto-negotiate 2.5 Gb for your modem. If you have a switch that only supports 1/10, then it can only use 1GB, ideally your switch can support 5GB.
-
A static ARP entry may still be required if it is not a routed pool of IPs by the upstream device and requires ARP. Do both.
-
The 670 comes with a 32GB secondary module in place for long term storage. You can go ahead and enable it in the UI screen below. This way the secondary module will keep the logs for long term storage. The primary storage is ephemeral and has FIFO and will dump on reboot etc...
-
@T16, A/P in Azure will failover around 3-5 minutes. This is mainly on the Azure side since we have to use APIs to move the secondary interfaces between hosts. It does not work like hardware HA since Azure does not support multiple devices simultaneously having the same IP on the same subnet and failing over in…
-
@Kent, I highly recommend you use port redundancy instead of a portshield or bridge for these scenarios where it is simply for HA, and the switches have a link to each other anyway.
-
@RyanH, this should be fixed in the release that just came out.
-
You can usually do a packet capture while you reproduce the issue and filter for any SNIs in the Client Hello (using something like Wireshark) to see the domains it attempted a connection to.
-
It is definitely possible, you can see in a packet capture if the traffic destined for those additional addresses is arriving at the firewall or not.
-
@César_S, can you confirm you used the configuration wizard to create the NAT/Access rule? If not, please delete your access rule and NAT and use the public server guide wizard to do it.
-
Try removing the route and test again.
-
@César_S, it would help if you posted screenshots of your address objects, static arp entries and NAT/Access rules. You can blur out the actual IP addresses but keep everything else. This config is not uncommon and I have seen it many times.
-
The Python request module should be fine. You can use Postman to learn the API and then convert the code into Python until you get familiar with it. https://www.sonicwall.com/support/knowledge-base/how-to-migrate-fqdn-address-objects-from-a-gen-6-to-gen-7-device-using-sonicos-api/200812073105770/