jst3751

Newbie ✭
Default Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

jst3751 Newbie ✭

About

Username
jst3751
Joined
Visits
31
Last Active
Roles
Partner
Points
12
Badges
3

Badges (3)

10 CommentsName DropperFirst Comment

Comments

  • No sorry that does not help. I know very well how to create address objects and so forth. That is a manual process to be added AFTER THE FACT. I need to be able to block users from accessing IP Based websites at the time of attempt, not later.
  • Unfortunatly there is an issue in 6.5.3.x that we were experiencing that required us to go to a newer version per Sonicwall support.
  • I realize it "should not matter" but I am working on resolving constant events being logged in the Windows Server application log concern certificate mismatch. I wanted to make sure before investigating that problem that it was not somehow caused or…
  • Wow thanks for finding that great discussion. So once again Microsoft thinks they are better than everyone else by including a bit of information neither required or desired in that field.
  • More information: I am trying to figure out what the difference is in implementation between these cipher suites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521 The f…
  • Support case number 43429731
  • OK, now that opened up another problem avenue. I am already forcing SSL checks as if the Intermediate was needed it would be failing regardless of DPI-SSL (Firewall Settings, SSL Control) Checking what certificates I have on the firewall, I see I al…
  • https://ace.cbp.dhs.gov/
  • NOW, here is another interesting tidbit: In Client DPI-SSL, if I uncheck "Always authenticate server before applying exclusion policy" then that website works. Again, regardless of what exclsion/inclusion objects I have selected on the Objects tab.
  • OK, this is even wierdererer than that: If I disable SSL Client Inspection on the zone, that website works fine. However NO DPI-SSL Client settings are applied to anything in that zone. If I enable SSL Client Inspection on the zone, enable DPI-S…
  • All of the address objects are in the LAN zone. "Enable DPI-SSL Enforcement Service" IS NOT checked "Enable SSL Client Inspection" IS checked
  • IF the logic being used is AND then ONLY the 2 address objects within the group "2_ DPI-SSL TEST GROUP" should be applied. BUT, I am having a big problem. There is only 2 address objects in the group "2_ DPI-SSL TEST GROUP" and neither 192.168.100.1…
  • OK I am doing testing now as I had an odd problem on Friday afternoon when it appears that DPI-SSL Client was being enforced upon an user that it should not have. In the mean time, I am seeing an undesired issue: In DPI-SSL Client on the Common Name…
  • Why wasn't a retraction email then sent out? That would have cleared up things for everyone.