Comments
-
AOV should be always on VPN, did you set anything about it?
-
It means you have used 1GB of 1TB. You still have 943GB for logs.
-
User-level settings will override domain settings. You can create a new group/user, then follow step 2 from the KB. Then those new users can use email or TOTP for OTP. Or you can enable all the options in the domain settings. It should work with any OTP method, except Mobile Connect on iOS/Android, which only uses the "Prefer" OTP.
-
If you are running an SMA 100 series with firmware 10.2.X, you can put WireGuard on top, over the SSLVPN protocol. This is a workaround for iOS 16.1. Only the SSLVPN protocol was affected.
-
Did you check this? https://community.sonicwall.com/technology-and-support/discussion/4573/any-one-had-issues-with-kb5018410-win-10-and-kb5018427-win-11-breaks-vpn#latest
-
Did you connect to an SMA 100? Try disabling WireGuard on the SMA or drag it to the bottom.
-
Generally, the requirement is not hard to achieve, but we don't understand your network. Maybe you can try redirect-all to check if it works. Also, try calling SonicWall support and let me remote check the config on SMA with you. We can't check the configuration. Just theoretically achievable.
-
Then Mobile Connect is not sending DNS to internal. Quick test: just try "Enable Use tunnel as primary network (Mobile Connect only)". Remember to re-login after applying the change.
-
@Erdal Add the private IP as "host name or IP" if you just added it as a URL resource. Then add it to the ACL. And what client are you testing? The Windows CT is totally different from Mobile Connect. For Mobile Connect, enabling the "primary network" checkbox will work as well. You can see the difference before and after connected mobile…
-
@Erdal It doesn't really need the domain suffix if you just have 1 website. Search suffix with split route is mainly for wildcard host searching. From the SMA POV, you have to make the FQDN resolve to the private IP in SMA DNS resolution. When the SMA can get the private IP & your ACL allows the private IP, CT will deploy routes to Windows once…
-
From my own understanding, not 100% sure. Device VPN uses PKI authentication (no credentials support) and runs as a Windows service. As a result, once the device boots up, no matter whether the user logs in or not, the CT Windows service will use the system store certificate to log in to the SMA and provide limited connection to the internal network. Network…
-
With device VPN only, the UI should show a connect button for user VPN. Yes, it looks like a bug, so you can reach out to SonicWall to fix it.
-
Do you mean the API on the client itself or the SMA appliance? For the PC client, you can just check the UI. The SMA supports a REST API. Append /Console/Help to AMC and you will find it.
-
Device VPN is real always-on. It is connected even if the Windows user does not log in to Windows after a cold boot. Network logon I don't think is always-on; they are different things.
-
Those websites need a public A record, not a CNAME or alias. With the correct A record, CT will add the public IP to the client route table and route to the SMA.