TKWITS Community Legend ✭✭✭✭✭
Comments
-
Start by learning about "Zero-trust" concepts. The gist of it is only allow what is known. Any unknowns must not be allowed. So if you know what ports and servers are used by your gamers, then only allow connections to those. Anything outside of those connections must be properly vetted before they are allowed. People…
-
Custom GEO lists in Access Rules do not allow for exclusions and take precedence over the global settings. So either you use the global settings only, or allow US in the Access Rule GEO list.
-
@Simon_Weel that's the limitation of CATP. There's currently no way around it. @PietroCeribelli rather than disabling ZIP inspection I would suggest excluding your VPN Subnets from inspection.
-
It doesn't mean you don't need the policy, but simply your settings are incorrect. Instead of utilizing a group of objects ('LAN Subnets') try specifying only the appropriate interface subnet object ('X0 Subnet') in the policy.
-
"the IP config of the new one is exactly the same" Just because the IP address configuration is the same doesn't mean the other configurations are the same. Think about what the 'freebox' is doing for your network: does it act as more than a router? Does it NAT? Does it firewall? If it's doing anything other than routing…
-
Not that I'm aware of. You'd have to set session timeouts to be pretty strict IMO.
-
https://letmegooglethat.com/?q=sonicwall+marketing+materials
-
Even with security notices we rarely upgrade to the latest firmware release because frequently they mess something up. Rule of thumb: Never upgrade production devices with the latest firmware, always test the firmware first and rule out major issues…
-
I will answer some questions but you do need to do your own research. should I expect this tunnel to perform 1/4th of wirespeed?: Between encryption and overhead, I pretty much always expect 1/4 to 3/4 of line speed when utilizing a VPN tunnel depending on the underlying protocol. Remember, any traffic going over the…
-
We can't see what your client command is and running iperf with the defaults isn't representative of 'normal' traffic from my experience. Latency DEFINITELY affects perceived throughput. 100Mbps with 100ms latency is completely different than 100Mbps with 5ms latency. To emulate the test that SonicWall performs you'd have…
-
Are you hitting flood protection thresholds and the device is doing what it's told (aka dropping traffic considered to be a flood)?
-
SMB is notoriously poor as a protocol for testing. Use something like iperf. Also note from SonicWall's spec sheet: "VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544."
-
If you have TCP Streams enabled in GAV settings, try disabling that. I've seen that hose speed tests before.
-
You'll have to convince your compliance officer to add an exception for it.
-
Key info: "Got signal: Segmentation fault (11) at 1724777263" "1724777263: ===== Stack Trace of cloudSyncTask(0xffff8d712d40) =====" Try disabling the automatic cloud backup of the configuration. IIRC there were previously issues with cloud backups on certain firmware. Maybe it has returned.