RedNet

Enthusiast ✭✭
Default Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

RedNet Enthusiast ✭✭

About

Username
RedNet
Joined
Visits
96
Last Active
Roles
Partner
Points
59
Badges
6

Badges (6)

1 Year Anniversary5 LikesFirst Answer10 CommentsName DropperFirst Comment

Comments

  • Thanks @BWC - I had submitted a support ticket before this post and they were pretty quick to respond and add another year to the Geo+Botnet feature..... but only another year and not in sync with the other license to 2023, so looks like I will be chasing again next year 😅 Hope all is well with you and cheers!
  • I am not sure what your topology is, but all you need are route tables associated with the correct subnets (both the VM subnets and the SMA), Then the missing piece is enabling "IP Forwarding" on the SMA NIC in the azure portal. I found that if you have the netextender pool of IP's in the same subnet as the SMA NIC then…
  • My understanding (SAML in general) the auth is redirected to M365 and the auth SAML token is generated by Azure (not the SMA) and the SMA/Netextender picks it up from the "users" browser session, so your "always on" will never work in the way I am understanding you want it to. But this is not an SMA problem, this is…
  • I had to go with LDAP portal for the MAC and stand up a radius server with the azure MFA nps plugin. 😒
  • Hi @Nat Did that Logout URL work for you, I see the same with Azure SMA 500v using SAML to o365 Azure AD. Everything working fine but the user logout is not happening on the SMA when the users logs off the portal.... tried lots of URLs on my SAML app reg in o365 which I have seen mentioned but none seem to work.
  • Above is my go to, not sure if it will change for OS7/OSx7.
  • Hi @Paul_Clutton , I have just been deploying another 500v in Azure and had a chance to play around with this and have got it working if you havent figured it out already? There is one drawback in something being quite a manual task to be done. I am looking still for options on how to make this part easier. Let me know how…
  • @MasterRoshi This seems to be it, no issues since on these sites, even with the IKEv2 tunnel with "send IKEv2 Invalid SPI Notify" disabled. Thanks! Would you have the hotfix or Bug ID for this please, do you know if its marked to be fixed in any later release?
  • Great another person with my issue :) .... we might be able to get this sorted so! No I havent found the solution, as NAT mode does what I need I am not under too much pressure to get it sorted. Sounds like you have the exact same issue. I have an NSv between the SMA vNet and the Azure servers vNet, I dont see the traffic…
  • Thanks @BWC , yes we have the same here with stock on these units and lead times from our reseller were always "sometime in early 2021", so another reason I haven't pulled the trigger just yet. You've actually highlighted a mistake in my own thinking with the unified policy, I had just assumed this was in both OS7 and…
  • @BWC Thanks a lot for your updates and efforts so far with the new Gen. Can I ask how have your deployments to customers gone so far? I have a few customers who will be due a refresh and at this point I feel obliged to push them to a Gen 7 over a Gen 6.5, to give them adequate lifetime value. I have a few sites where the…
  • @MasterRoshi so far so good on all 4 sites, so it looks like "Send IKEv2 Invalid SPI Notify" is the culprit here. Though I will leave it for another couple of weeks, as we have had times where all is well for 3 weeks.
  • Thanks for this, you have obviously taken the time to read and understand my problem which is a huge relief. Your suggestion makes sense and I have been thinking about this more since posting and do believe the issue must lie with IKEv2. I have applied your suggestion to 2 of the 4 customer sites I am having this issue. On…
  • Thanks for that, its a suggestion which makes sense and you have obviously taken the time to read and understand my issue.. having this issue (with my customers looking for answers) and not being able to speak to a vendor support member who can actually understand the problem is a really frustrating position to be in. I…