TKWITS Community Legend ✭✭✭✭✭
Comments
-
Maybe the company should look into softphones if the hardphones are moving so much… I would suggest a 'loopback' NAT for the PBX public address on Location 1's firewall, then reconfigure all the phones to point to the PBX public address. Then they can move where they want. But my first statement still stands.
-
"Is there anything else that needs to be programmed into the SonicWall so that the NAT Policy is always active and does not miss any type of packets?" If the policy is enabled it is active. Run a packet capture when the issue occurs. Or just reconfigure the phone to use the local address…
-
Using a VLAN on the WAN port for internet access is doable. The pseudo guide they provided gives you a good example (the SonicWall is a router with a zone-based firewall). Be specific about what issue you are having, otherwise we aren't going to do your job for you.
-
You've basically answered your own question.
-
AFAIK, yes (as long as it's available) and yes. IIRC, you do not need to license both devices, only the 'primary'.
-
My guess with regards to the 'good reports' is that these admins had already run into issues with 7.1.2 and dealt with them at that firmware version. It seems to me if you skip 7.1.2 you'll run into said issues with 7.1.3.
-
Contact the administrator of the device you are connecting to with NetExtender and contact your M365 admin. There are no settings a user can change that would affect Teams quality issues.
-
What's on the other side of the tunnel? If you don't control the other side, work with the vendor and explain the change being made. They may already have a solution. Compare logs with them. It may take a 30 min phone call but it's a lot better than trying to push a square peg into a round hole.
-
Don't just cross your fingers, export a good config before updating to 7.1 and plan to import it immediately after. Many of us waited for 7.0 only to be disappointed for over a year after initial release. I don't see 8.0 going any differently.
-
I would be doing NAT inside the tunnel config, not outside of it. Try getting just one 1to1 tunnel to work. Then you know it can be done and attempt modifying it to include the other addresses. Rant: I don't know who designed / programmed WatchGuards but they are terrible to administer and decipher.
-
Share some sanitized screenshots of the tunnel config, and a brief description of the address objects used.
-
To expand on Arkwright's reply: Some implementations of firewalls will be more sensitive to things like sequence randomization. While it's likely part of a published spec, not every manufacturer follows specs, and not every admin keeps firmware / OS / software up to date to meet said specs. Vent: The internet is the wild…
-
I suggest translating any local traffic to a single address. Remote side can be to multiple IPs in a group. A note, when you enable NAT on the VPN tunnel, it will automatically create the appropriate NAT rules. You don't need to manually create them.
-
Did you enable 'enable management traffic' on the rule? Or the same in the VPN tunnel config?
-
Is the 'Cheer Gym' address object a range of IPs in the SSLVPN zone? Might help to rename that to something clearer. Is the 'internal' network you are trying to access remotely on the SonicWall's X0 interface? Then use 'X0 Subnet' instead of 'LAN Subnets'. Do you have an internal DNS server? Then use the internal DNS…