djhurt1

Enthusiast ✭✭


Comments

  • With site to site VPN, what caveats will I run into with a couple SonicWaves at the remote site regarding IP addressing and routing?
  • @TKWITS We're using SonicWalls end to end so we'll avoid the compatibility issues. I'm just curious what the technical difference was between using a "numbered" interface vs. one that isn't. I'm having a hard time wrapping my head around what is technically different using a numbered interface that would make it…
    in VPN Tunnel Comment by djhurt1 July 2021
  • @TKWITS When you say interoperability with other manufacturers' devices, what would be some of the hurdles with non-SonicWall devices? I realize there will be proprietary methods/protocols at times, but what are possible issues with either one of the methods above?
    in VPN Tunnel Comment by djhurt1 July 2021
  • @Saravanan I'm confused by your statement "Coming to the second part of your question, if you are planning to make the clients on the spoke to get IP address from the HUB SonicWall, you would be doing a DHCP over VPN policy instead Hub and Spoke." Why would getting an address lease from the hub firewall dictate I have to…
  • "DHCP over VPN enables clients of the SonicWALL appliance to obtain IP addresses from a DHCP server at the other end of the VPN tunnel or a local DHCP server." Why would you use "DHCP over VPN" if there is a local DHCP server?
  • @Saravanan I'm confused by your last statement. "The purpose of the DHCP over VPN is, it enables the clients of the SonicWall appliance to obtain IP addresses from a SonicWall DHCP server at the other end of the VPN tunnel or a local DHCP server.". If I have a local DHCP server, why would I even use DHCP over VPN?
  • I haven't done the setup yet and I'm quite ignorant on the hub and spoke part. When setting this up, I assume we're choosing Tunneling interface? Also, on the proposals tab, if I choose IKEv2, will that support DHCP for the clients on the spoke subnets back to our internal DHCP server (behind the hub firewall)?
  • @Saravanan In our setup, there is the above mentioned rule but there is also a rule with WAN to LAN that allows any to X4 IP (our WAN). This rule is higher priority so doesn't it cancel out the deny rule above entirely since both are saying "Any"?
  • I don't see anywhere one could specify what mode the access point operates in. I see you bridge the Interface. Is that what you're referring to?
  • @Saravanan On WLAN interface, I have a 172.20.0.1 address assigned there.
  • It appears the APs have been assigned a static IP manually. What I don't understand is why there is a lease for the APs' MAC for an address on the WLAN subnet as well.
  • @BWC I'm ordering a SAN cert. that includes both FQDNs, mail.mydomain.org and unjunk.mydomain.org (URL for junk summary notifications). I'll install this cert. on both our mail server and the email security appliance. This should work as far as I can see, would you agree?
  • @Aamir_Dayar Avoiding wasting of IP address is one thing I did consider. I guess I just fail to see in the grand scheme how this person thought they were saving IP addresses as theoretically, everything will route "up" to the core then firewall. That idea is difficult for me to wrap my head around.
  • @BWC An isolated transfer network between the two is what I think my predecessor was trying to do but in a weird way that just adds confusion. What's confusing to me is that on the SW there is the default route for 10.44.00/29 and then a custom route for the same network that is /16. /29 network is higher priority. So how…
  • @BWC One thing that's still confusing me then is the situation I'm facing currently. Right now we can't access the secondary firewall when it's in standby mode; however, documentation states we should be able to if we set a management IP. So it appears currently both primary and secondary are configured identically. It…