RedNet

Comments

  • On outbound traffic no, on inbound on the SMA yes. But the GeoIP & Botnet license date still wasn't renewed on the MySonicWall portal.... the support and firmware has updated. Have it in with support anyway.
  • Hi @BWC , same thing again with this and the other SMAs I have, finding it hard to get someone in support to acknowledge there is no SKU this time round @admin
  • Thanks @BWC - I had submitted a support ticket before this post and they were pretty quick to respond and add another year to the Geo+Botnet feature..... but only another year and not in sync with the other license to 2023, so looks like I will be chasing again next year 😅 Hope all is well with you and cheers!
  • I am not sure what your topology is, but all you need are route tables associated with the correct subnets (both the VM subnets and the SMA), then the missing piece is enabling "IP Forwarding" on the SMA NIC in the Azure portal. I found that if you have the NetExtender pool of IPs in the same subnet as the SMA NIC then…
  • My understanding (SAML in general) is that the auth is redirected to M365 and the auth SAML token is generated by Azure (not the SMA) and the SMA/NetExtender picks it up from the "users" browser session, so your "always on" will never work in the way I am understanding you want it to. But this is not an SMA problem, this is…
  • I had to go with LDAP portal for the MAC and stand up a RADIUS server with the Azure MFA NPS plugin. 😒
  • Hi @Nat Did that Logout URL work for you? I see the same with Azure SMA 500v using SAML to o365 Azure AD. Everything working fine but the user logout is not happening on the SMA when the user logs off the portal.... tried lots of URLs on my SAML app reg in o365 which I have seen mentioned but none seem to work.
  • Above is my go to, not sure if it will change for OS7/OSx7.
  • Hi @Paul_Clutton , I have just been deploying another 500v in Azure and had a chance to play around with this and have got it working if you haven't figured it out already? There is one drawback in something being quite a manual task to be done. I am looking still for options on how to make this part easier. Let me know how…
  • @MasterRoshi This seems to be it, no issues since on these sites, even with the IKEv2 tunnel with "send IKEv2 Invalid SPI Notify" disabled. Thanks! Would you have the hotfix or Bug ID for this please, do you know if it's marked to be fixed in any later release?
  • Great another person with my issue :) .... we might be able to get this sorted so! No I haven't found the solution, as NAT mode does what I need I am not under too much pressure to get it sorted. Sounds like you have the exact same issue. I have an NSv between the SMA vNet and the Azure servers vNet, I don't see the traffic…
  • Thanks @BWC , yes we have the same here with stock on these units and lead times from our reseller were always "sometime in early 2021", so another reason I haven't pulled the trigger just yet. You've actually highlighted a mistake in my own thinking with the unified policy, I had just assumed this was in both OS7 and…
  • @BWC Thanks a lot for your updates and efforts so far with the new Gen. Can I ask how have your deployments to customers gone so far? I have a few customers who will be due a refresh and at this point I feel obliged to push them to a Gen 7 over a Gen 6.5, to give them adequate lifetime value. I have a few sites where the…
  • @MasterRoshi so far so good on all 4 sites, so it looks like "Send IKEv2 Invalid SPI Notify" is the culprit here. Though I will leave it for another couple of weeks, as we have had times where all is well for 3 weeks.