SonicAdmin80 Cybersecurity Overlord ✭✭✭
Comments
-
Turns out the last module I had at the time was actually faulty and after doing an RMA for it the replacement worked right away. But because the module installation can be tricky to begin with it can be tough to work out if it's just finicky or if it's actually defective. The other thing is that the module seems to be…
-
Yes it's not very clear if it's related. The appliances should really have a status check and test for this.
-
Got a call from a third site that they couldn't go online. I enabled debug logging and enabled all log categories for DNS Filtering and asked them to again open a website. But nothing else in the logs except "DNS Filtering - DNS Query Received". According to previous log hits, there probably should be "DNS Response…
-
After searching it seems it's Neustar UltraDNS. They have a site for service health: But no indication of any errors. Perhaps the issue is between SonicWall and Neustar but no way to know. I didn't have debug logging on so nothing relevant in the logs.
-
I haven't done this myself yet on a SonicWall, but from what I understand you need a configured "parent" interface which SonicOS calls "aggregator port". First configure one of the interfaces the way you want and use that as the aggregator port, then add member ports for it. I'm not entirely sure what internal SonicWall…
-
NAT was mentioned in one of those articles and I get that it might be a requirement in certain scenarios if the device connected to doesn't like answering to traffic not originating from the same subnet, but perhaps it depends on the service and implementation. I'll give multicast configuration a go and I'll find out soon…
-
Thanks @BWC, so no special NAT rules at all between zones? I’ll try to do this with Sonos in a business network, so both mDNS and SSDP might be required but hopefully it’s this simple.
-
I'm not a native english speaker but I think I have a fairly understandable accent, but I also had to wrestle with it the last time. The funny thing is…none of the support techs you usually get on the phone would be able to get through the IVR if they were on that side of the line.
-
Once again the latest firmware release notes say: "For NSv deployments running a previous version of SonicOS 6.5.4.v, upgrading via the System Update option in the NSv management console is recommended for this release." But the firmware isn't available through System Update. System Update was never released for the two…
-
I also feel like DPI-SSL might be more hassle than it's worth at this point, maybe stuff like endpoint protection and DNS filtering are easier to cover some of the same areas without all the management overhead with DPI-SSL.
-
@Community Manager I actually can't create a support case for it because support is backdated to October 2nd. How should I proceed?
-
DPI and DPI-SSL are different things. DPI is what gives you all the Next-Gen Firewall features and should be enabled if you want to utilize the security services. DPI-SSL is broadening this to SSL encrypted traffic and requires a cert in each device. So it could be said that using DPI-SSL will make it possible to inspect…
-
Not yet. I'll do that.
-
Everything online is constantly scanned so I don't think those alerts have much value. I always disable it from the diag page. What might have value would be dynamic blocking logic, where ports would be blocked by source IP if the firewall detects probing to consecutive ports in a short time period.
-
Yea looks like it, couldn't find anything relevant in the diag page.