Newbie ✭
Default Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

xdmfanboy Newbie ✭


Last Active
Member, Partner

Badges (5)

2 Year Anniversary5 Likes10 Comments1 Year AnniversaryFirst Comment


  • Any update on this? We're seeing this on same model, except
  • Where are you seeing these updates? I've been checking for two days and none of the announced TZ or NSA updates in the download center as usual. did they pull them?
  • I had some back and forth with support. They were not aware of problems with policies updating in 3.6.34, but offered to work with my setup to investigate. He did state that changes can take up to an hour, and when I asked if this was true even when clicking Update Policy on the client side his response was ambiguous.…
  • Ah, so they broke it! I hope they're aware of the issue, as I don't feel like going thorugh the pain involved in contacting support.
  • So you're saying that for example if I have porn blocked under the CFS Profile Objects and CFS was set to filter HTTPS, that if I exclude porn under DPI-SSL it only excludes it from HTTPS filtering, but not HTTP? Or it doesn't exclude it from the content aspect of the filtering, but does exclude it from protections DPI-SSL…
  • You've clarified a few things, but some questions remain. I've re-read it multiple times, trying to sort out what is being said. If DPI SSL alone cannot allow/block web sites, then what role does the CFS Category tab play if any? If DPI SSL is active, yet its content filtering unchecked, then does the normal CFS function…
  • You can install SW's certificate on IOS and Android devices, but it's a bit of a PITA to do a bunch of them without some expensive software. Unless it's a company device I'd make a SSID that parks them on a subnet without DPI-SSL. I do that for a library system client of mine.
  • Where does one find the classic mode? I know the icon for switching modes under 6.x, but can find nothing here.
  • Argh! Even though I registered it as part of a Secure Upgrade, it doesn't show under My Products until late this afternoon so I could finally get the key. I had to reinstall the same firmware it came with to eliminate the corruption warnings. I pre-set the X0 IP ahead of time before the import but still got stuck where I…
  • Okay, figured out how to restore default from CLI, except I notice when I reboot from there its telling me of possible filesystem corruption because the unmount was not done properly, and when I get the login at the default I get hit with a red pop-up Network Error for [get] to [/webfront/api/host]. Oh joy.…
  • If there's a command to do it from the CLI that would be good too. Not finding that either. Way too many admin guides for Gen 7 - crazy!
  • Oh I've got TONS of exclusions for CATP and DPI-SSL. And yes, you point out another deficiency - no easy way to move your custom exclusions between firewalls. There should be an export/import function. As long as these features have been out I'm very surprised they haven't implemented this.
  • The TZ 400 is dramatically faster in the real world than the TZ 300, for not much more money. The TZ 300 struggles with DPI-SSL even in smaller networks. The 400 has almost the performance of the 500, yet almost the price of the 300. The 300 is discontinued, but I wouldn't even buy the 350 for anything but the smallest…
  • I had this exact issue with multiple TZ firewalls a while back. Seems to have been fixed in later releases.
    in DPI SSL Comment by xdmfanboy June 2020
  • Ditto Larry's comments! The KB has been hard to use for years, not being able to print or save articles without extensive massaging.