Twizz728

Newbie ✭
Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Twizz728 Newbie ✭

Badges (8)

First Answer3 Year Anniversary2 Year Anniversary10 CommentsName Dropper1 Year AnniversaryFirst CommentPhotogenic

Comments

  • @MitatOnge let me ask you this. I tried that approach and ran into a few issues. I was able to create a firewall rule to allow traffic from the guest network subnet using any ports and any services to the specific static IP of the copier. I can now print to this copier and when doing a scan of the guest subnet it doesn't…
  • Hey @Marco, Just curious if you ever got this configured the way you wanted and what approach you took. I'm working on the same thing right now. Thanks!
  • @MitatOnge quick question. Dynamic address objects vs the botnet list. I'm sure both of these options have the same end result which in my case would be to block the URL or IP that is on the list. Is there any down side to using one vs the other, other than the max count list for the Dynamic Address Objects? Thanks!
  • It's clean with 11k records. The max is 5000 records per list, so every 6 months to a year I have to create a new list.
  • Just as an update to this. I turned off the FQDN Dynamic list and my malicious hit count went down.
  • @andyoeft I was never able to get a clear resolution on this. I tried the examples above but nothing ever worked correctly. I ended up creating a guest network with the secondary WAN circuit without the sonicwall being used. Socks that I had to do that.
  • In my head I'm thinking that I put the printer on a DMZ interface and then setup access rules as folows, Allow traffic from LAN to DMZ (X0 Interface to X5 Interface) Allow traffic from Guest to DMZ (x6 Interface to X5 Interface) Deny any traffic from DMZ outward (X5 Interface to ANY) I want to ensure that someone can't…
  • Hello @MITATONGE, I've updated the address object zone to WAN but I still have the issue.
  • Thanks @MITATONGE for the post. The picture I attached is actually when I was troubleshooting the issue and I had changed WAN to LAN, but the address object is set to WAN and has the malicious IP and that IP is in a Group that is assigned in the rule to block LAN TO WAN but it still isn't working. I have the rule set to…
  • Thank you @BWC I will update my SonicWALL and remove the router. I want to explain the situation I'm having because you might have some insight into this. My SonicWALL is setup to point to 2 specific DNS Servers that monitor and log all the DNS requests. I then receive a report from my vendor every couple days that details…
  • @BWC let me ask you this. Does there even need to be a router on this interface? Could I simply put a switch there and let the SonicWALL handle DHCP and everything else? I feel like the only reason I added the router in between the SonicWALL and the switch was because it wouldn't give IP assignment unless the router was…
  • I know its been a while since I last commented but I was just now able to try to setup a DMZ and let me tell you what I've run into. I've got my primary LAN on X0. My WAN on X1, Guest Network on X6 and my DMZ set to X5. Primary LAN 192.168.100.1, Guest Network 192.168.200.1, and I set the DMZ subnet to 192.169.150.1 I have…
  • @Sliderhome Those IPs were incorrect. The ISP provided me with the IP Addresses I use and the subnets. When I input them both I get that error message (Error: Subnet on the interface overlaps with another interface). I'm thinking of asking the ISP to change one of the subnets to something like IP1 100.111.222.5 and IP2…
  • @Larry I believe that solves my issue with the external IP Range. The pen testers were able to do their external pen test but now I have a different question that's somewhat related I believe. My vendor is doing two types of test. They needed their IP Range allowed so they could penetrate the network to see what they could…
  • @Sliderhome and @Ajishlal thank you for the replies. @Sliderhome I've attached an image of my interfaces with the information changed. But for example, My primary WAN connection coming into my facility has an external static IP assigned to (100.123.26.1). In the picture it is labeled as the secondary WAN. My ISP has…