Comments
-
The POE injectors for the ACE/ACI should support the 231c's since POE is standardized. I would suggest looking into a FPOE SonicWall Switch if you are doing this at scale.
-
@RedNet, try disabling "Send IKEv2 Invalid SPI Notify" on both firewalls then restart the tunnel and monitor it. That is the only issue I know about that presents similar behavior. If this stops the issue from happening, then there are hotfixes available for you. I would also suggest you setup some sort of syslog server…
-
@BWC, all correct, except the last line that I am unsure about. There were slight differences in beta units vs full release units on that front and I only have beta units myself.
-
@R1chR, I assume you are looking for the equivalent of this https://www.sonicwall.com/support/knowledge-base/how-to-assign-multiple-public-ip-addresses-to-nsv-on-microsoft-azure/181219170721108/ for AWS? I don't see the equivalent but from some searching, it seems possible but depends on your instance size.…
-
@BWC , the 570/670 both have 16 GB of eMMC but the 670 comes with 32GB of the secondary storage preloaded. The other TZ models have empty secondary storage modules. I get the confusion because we omitted the built-in storage from the datasheet.
-
It is possible this is a driver issue on windows or interaction of the driver with GVC. Update your NIC driver/windows to the latest and make sure you reinstall GVC on the latest version too and let us know how that goes.
-
@TomC, if you are interested in a 500v trial, please reach out to your account manager at SonicWall to facilitate it. Depending on the underlying hardware, the 500v can be faster than the SRA, even though it is 32 bit, it can use PAE so its possible to use more than 4GB but usually you don't need to. I would also suggest…
-
@HCECENES_93, is the device on the same subnet as the firewall or is it being routed through an intermediary router? If it is being routed before it hits the firewall, the mac will change to the routers address and no restriction will be in effect.
-
Yes it is compliant with 800-171 -- It is FIPS 140-2 compliant. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=Sonicwall&CertificateStatus=Active&ValidationYear=0 As for ISO 27001, I am not as familiar with this framework so I will let someone else…
-
You can put these interfaces in the DMZ zone or into a newly created zone which does not have any rules autogenerated for access to LAN/other resources.
-
@djhurt1, do you see any logs for Encrypted Key Exchange -- UDP Random Encryption(UltraSurf) or Encrypted Key Exchange -- TCP Random Encryption(Skype,UltraSurf,Emule) being blocked?
-
@AgasthiamaniS -- is this expected behavior? @Doug_Daniel, my opinion is that we should be able to support this scenario with credential caching or some tweak to session expiry timers.. If you haven't touched base with support on this, please do so.
-
@Network_Admin, when you were testing this, did you disable OSPF on the Point to Point?
-
From the sounds of it, this issue is almost certainly bug ID GEN6-1275, we have a hotfix for this issue you can get from the support team.
-
@BWC , a file will only be sent once and then we keep the hash for a while so that if someone else downloads it in the future, we can do a static lookup instead of dynamic analysis (actual transfer of the file). It is rare to run into that many unique never-before seen files in such a small time period in one environment…