SonicAdmin80 Cybersecurity Overlord ✭✭✭
Comments
-
And Azure Active Directory Domain Services for LDAP.
-
Have you configured port mirroring on the switch for traffic from those device ports to be sent to the capture device?
-
How is your capture device connected and how are you forwarding traffic to it? Modern networks are switched so you don't see traffic going to other devices without configuring this on the switch.
-
I installed the hotfix, so far so good.
-
I'm also seeing this on TZ500 6.5.4.10. Has anyone seen other issues with the hotfix? We are not using Virtual Office portal.
-
By design the inactive firewall doesn't respond to traffic coming from a different subnet. So either a NAT rule or same-subnet probing is needed.
-
Good point, I'm not using SSO in any environment currently. If login uniqueness can't be used I guess the only option is to fix the end user network stability, or move to a SMA or another VPN solution.
-
I'll be waiting reports before taking the plunge. Not much confidence in these updates these days.
-
This can happen if the end user has a poor network connection that keeps dropping and the renegotiation doesn't work as expected, so it opens up a completely new connection. The old sessions stay in the active connection list using a license until the set idle timeout runs out. This can be avoided by setting "Enforce login…
-
I'll wait a few weeks to see what pops up. 😁
-
@BWC Well, I'm glad I did what I usually do, wait a couple of weeks at least after release before installing. And I fear what happens when Gailand retires...
-
@BWC I usually start configuring a new appliance after resetting it to factory defaults and updating the firmware through Safe Mode, but I can't remember the options either. But sounded odd that exporting settings without a password would be allowed in Safe Mode. I still haven't used Gen 7 devices much so don't know all…
-
@BWC On most networking appliances you need to know the admin password to export settings, but I haven't done the export in Safe Mode on a SonicWall, so can't be sure. If it's possible it's a bit of a security hole although user passwords aren't in a readable form and the built-in admin password isn't included. Could it be…
-
@BWC Does this really work? I don't think I've ever exported the settings through Safe Mode and I've assumed that the settings can't be exported without knowing the current password as a security feature.
-
Java requirement is very bad. If they really need to use it, they should bundle it with Connect Tunnel. @helpdeskinc, have you tried Wireguard support in the latest SMA firmware? It's supposed to be faster than regular SSL-VPN.