Comments
-
Thanks for this, you have obviously taken the time to read and understand my problem which is a huge relief. Your suggestion makes sense and I have been thinking about this more since posting and do believe the issue must lie with IKEv2. I have applied your suggestion to 2 of the 4 customer sites I am having this issue. On…
-
Thanks for that, its a suggestion which makes sense and you have obviously taken the time to read and understand my issue.. having this issue (with my customers looking for answers) and not being able to speak to a vendor support member who can actually understand the problem is a really frustrating position to be in. I…
-
just also to add, if I dont bounce the vpn tunnel it never starts working again (even when the phase 1 and 2 lifetimes expire). I can leave it broken for a week and it wont start working until I manually bounce the vpn tunnel.
-
Thanks for the update!
-
I had to go through all of this so here's the story. I am the same person as the OP Otown :) If your NSv in azure is already a 6.5.4 then you can use the SWI or system upgrade, have used SWI and it was fine. If it is lower than 6.5.4 (like 6.5.0.2) then you need to spin up a new NSv VM and migrate the config and PIPs. I…
-
Hi, the issue is not config based, it is a firmware bug. The tunnel route does not become active automatically when the FW is rebooted, only on the latest firmware and on Gen6 devices. After reboot the vpn tunnel is up (route based VPN), but needs to be disabled/enabled for the associated routes in the routing table to be…
-
We see the same ourselves since upgrading NSA 2600 to 6.5.4.7-83. Post reboot after applying the update all route based vpn's are established but the route is greyed out/unactive in the routing table. Bounce the VPN and the route becomes active in the routing table again. The route is not reliant on or associated with any…
-
No worries, thanks for the input. I had never seen "Europe" as a tag for the country field of an IP in the RIPE db. So, i'm sure you are correct and that's probably what it is. I just assumed SonicWALL had just created a GEO-IP group for all of the EU countries instead of having to add them all individually.
-
Ah I get what you are saying now, so for some IP's the country tag is marked as "Europe" in the registration DB's? I only allowed Europe and my Ireland IP was blocked. Why isnt it checking the continent code described here? I cannot check maxminds DB but I can look at the continent code from whois using whois: The IP's…
-
But "Europe" on the firewall's Geo-IP table is an option, so what does it contain, one would assume it is the continent of Europe and groups all countries within? Obviously this is not the case as on my example Ireland is being blocked. I have a tech support ticket open to get clarification - they sent me a link to a KB…
-
@daniel_lilja Yes I had the same and could only ever deploy to a new RG, which in the end was actually better as all related resources to the NSv are in their own RG ... interfaces, pip's, storage etc. You could probably pshell it into another RG once you have deployed, as I am guessing its just so all of the resources it…
-
Thanks, no need for mobile connect from Android devices on this site, so not an issue.
-
Thanks for the feedback Seb, funny I have tried on many firmware's over a number of fw models as I said and never seem to get those speeds, The NSv is the only platform I get decent speeds on. Good to know its possible, have you any devices on a lower firmware where you get similar speeds. I have a test case TZ600 on…
-
I havent used the sslvpn on the APs yet. But I would assume your issue here is that the AP NAT's both devices behind the AP (laptop and phone) to the single sslvpn client IP of the AP and this is the source of your issue. If you put a softphone on the laptop does it work ok? or this and using netextender on the laptop…
-
Thanks @Saravanan