Comments
-
Hello @Joey, Based on the logs you are seeing, it should mean access control of the user belonging to SSLVPN or GVC. Is the DNS server added to the client routes of SSLVPN and access control tab for the users connecting to SSLVPN and GVC? I would suggest checking that and making sure that it is added there. Thanks!
-
Hello @jtb, What firmware version are you on? I do not see any reported issues like this so far on my end. Thanks!
-
@abdo, For any user-based policy, the firewall needs to know the IP to user binding, so SSO will be necessary irrespective of the kind of security service in question. Thanks!
-
Sure, Keep us posted. Thanks!
-
Hello @ACETech, We need a lot more details to understand what could be the problem. 1) Are you having any issues reaching the firewall UI while the web pages fail to load? 2) Is the firewall able to reach the internet fine while the issue is ongoing? Can be checked from Investigate | System Diagnostics | Check Network…
-
@Rave_Romero12, Kindly check in the logs if that is the signature showing up during the failed attempt at the application and if yes, then the exclusion will be helpful. If the signature is inheriting the exclusion from the category, then adding it on the category level should be sufficient, if not, it is needed on the…
-
Hello @GrahamH, You can generate a certificate using the Windows Server Certificate Enrollment Web Services. I think this KB article should be helpful. Thanks!
-
Hello @abdo, You would need to have SSO agent installed and configured on the firewall so that it can identify which user is logged into what machine and apply the filters based on the username field. Kindly go through the following KB articles for more detail. Thanks!
-
Hello @Rave_Romero12, I think it could be because there is an additional signature under App control that could be blocking it. If you have categories like Proxy access and P2P blocked, please check the logs while you try to access these applications and filter using the particular IP you are testing from. I have usually…
-
Hello @davisadmin, This needs further investigation with the support team along with the diagnostics files collected from the device. Kindly open a support case and submit the following files for further investigation. Thanks!
-
Hello @Twizz728, The SonicWall itself is not a DNS server but can act as a DNS proxy if configured for it. I would suggest adding the actual DNS servers on these endpoints if you are setting them with static addresses. Thanks!
-
Hello Jayser, Which zone are you testing the loopback IP from? The best way to find what is going wrong will be by doing a packet capture on the firewall. Also, there is no limitation that the loopback NAT will only work for LAN. Thanks!
-
Hello @Teh_Tourist, Welcome to the SonicWall community. Could you please navigate to Manage | Rules | Nat Policies and check if there is any auto-added or custom NAT that translates the new VLAN subnet to IPV6 address of the interface rather than just the WAN IP? If yes, kindly disable it or add a new NAT that translates…
-
Hello @TSOL68, When you say it isn't working, is the tunnel itself not coming up or the traffic isn't passing through? You should be able to use any other IP as well for the NAT as long as the same IP is used in the remote end as the local IP. Thanks!
-
Hello @mrshahin, Yes, we have the allowed URI field in the CFS profile exactly for this purpose. Please take a look at the KB below for more details. Thanks!