Quantcast
Channel: SonicWall
Viewing all 2641 articles
Browse latest View live

Site-to-Site VPN (Central Site) 2 SonicWalls - Same LAN to --> (Remote Site) 1

March 6, 2018, 2:11 pm
$
0
0
I have successfully configured a site-to-site VPN using two SonicWALL SOHOs as, I can access shared folders from the PDC (Primary Domain Controller) shared folder resources across the VPN. But, I cannot ping router #2 at the central site which is on the same LAN as the PDC.
CENTRAL SITE (Seattle) Firewall #1 (VPNd site-to-site to Remote Site Firewall #3):
LAN - 192.168.1.1
CENTRAL SITE (Seattle) Firewall #2 (ON THE SAME LAN as VPN Firewall #1 (Firewall #2 is NOT VPNd)
LAN - 192.168.1.254
REMOTE SITE (DALLAS) Firewall #3 (VPNd site-to-site to CENTRAL SITE Firewall #1)
172.16.1.1
As I mentioned, I can ping the PDC on CENTRAL SITE (SEATTLE) Firewall #1 VPN
from REMOTE SITE (DALLAS) Firewall #3.
But, I CANNOT ping from REMOTE SITE (DALLAS) Firewall #3 to Firewall #2 at CENTRAL SITE (SEATTLE) which Firewall #2 is on the same LAN location as...
Search

Help with Sonicwall SSL VPN LDAP Auth

March 6, 2018, 2:43 pm
$
0
0

Hello,

I need some help with this setup. Our Sonicwall uses GVC and SSL VPN licenses. We are using LDAP with a specific group in AD for VPN access. It is working fine for GVC users as SW relays DHCP requests to our DHCP server and users can access all LAN resources (on X0). Where I'm having an issue is setting up the following.

1. I created a network object for the SSL VPN users, 10.20.16.xxx. it is part of the SSLVPN Zone.

2. I created a dummy network 10.10.10.0/23 to mirror our normal network (this is to avoid local/remote overlap), that is part of the LAN zone.

3. Added a NAT rule so requests to 10.10.10.0/23 are translated to our normal network.

4. Firewall rules from SSLVPN to LAN and vice versa are auto-created to allow the traffic between the zones.

5. Under Users/ Local Groups I've imported the particular AD group that I I'll be...

Dissimilar Subnets same default route - sonicwall spoof

March 7, 2018, 6:03 am
$
0
0

2 dissimilar subnets from remote site route through ISP interface with the same default route 10.1.1.1 next hop 10.1.1.2. subnet A is 10.1.2.0. subnet B is 192.168.1.0. subnet B hits the next hop 10.1.1.2 interface of sonicwall where it is then flagged as an IP spoof drop code 493.

created a static route where src is subnet B but that does not stop the IP spoof flag.

opened case with SW, in the mean time anyone have an idea to keep SW from dropping?

Add Public Server to Sonicwall

March 7, 2018, 6:22 am
$
0
0

I want to add a Public IP server to my Sonicwall.

The IP address of the public server is just one IP less than the main WAN.  (so, WAN is 29.30.31.32, and the server should be 29.30.31.33).  

How would I do this?  No matter how many different ways I try, I get "overlap" errors in the configuration screens.

Connect to SonicWall VPN server using Ubuntu

March 7, 2018, 6:34 am
$
0
0

I am currently using SonicWall Global VPN Client to connect to a VPN server using a host ip, username, password and pre-shared key. I want to achieve the same thing but from Ubuntu. How can I do that?

Many thanks!

NetExtender / Windows scripting problem

March 7, 2018, 8:01 am
$
0
0

Over the course of the last week or so, a new problem has developed on three machines.

When I open SonicWALL NetExtender, it goes right to a page with a box about old and new passwords. Note: This is NOT occurring on connection attempts, but right when the client is opened.


I have tried multiple NetExtender versions, i.e. 8.0 and 8.6, on all of the affected machines, with no change in behavior. On the same machines, I am also seeing a problem with the Windows Services extended view showing up blank:


The latter is an issue I used ot see in Windows XP frequently, which was often fixed by reinstalling windows script and windows visual basic runtime. However, this fix is not working on Windows 7 machines.

I have already tried re-registering the script components per the article here:

...

Sonicwall TZ400 VPN issue

March 8, 2018, 2:40 am
$
0
0

I have a client with a strange issue. They have a main firewall setup at one location, a TZ 400, and two other sites connected through VPN with TZ 300s. The VOIP (Innovaphone) and network connection has intermittent issues, sometimes calls drop or they cant hear the caller, and often when they try to connect from one of the spoke locations to their server, the connection stops. They only have a 5Mb connection, but I don't understand why the connection would just end instead of just get really slow. They also have some equipment that sends automatic reports to a third party to make sure certain levels like Helium don't get too high for the equipment, but they don't recieve the reports. They can ping the device, and I can see packets going in and out of the VPN interface, but for some reason they aren't receiving anything. They can ping...

Sonicwall site-to-site VPN keeps dropping

March 8, 2018, 9:43 am
$
0
0

Site A: Sonicwall NSA 2600; Site B: Sonicwall 2650

The VPN tunnel shows as up on both sides, but I'm not able to ping site to site. I noticed if I rename the network object for Site B (zone: VPN, type: network; 192.168.28.0/24) on the Site A's router, the ping works for about a minute, then stops responding again. The tunnel would still be up though. The packet capture shows "consumed" when pings work and "received" when it stops working. If I again rename the object for Site B back to what it was, ping works again for about a minute, then stops responding.

One other observation. If I re-create a tunnel on either router, I can connect site to site and pings work. However, in about a day or so, the same issue again when tunnel shows as up, but I can't connect from site to site.

I saw another post about similar issue where resolution was...

Search

Sonicwall Firewall won't connect to a website?

March 8, 2018, 12:53 pm
$
0
0

I have a Sonicwall NSA 2400 with up to date firmware. I cannot reach a website. I keep getting the message err_connection_timed_out error. Here's what I've done so far...

1. Made sure the firmware was up to date.

2. Made sure the content filtering was not causing this. The computer I've done the testing on is specifically excluded from content filtering but have also tested with the content filter turned off. I still cannot reach the website.

3. To exclude my switches being the issue, I configured the unused X2 port and connected the computer directly to the X2 port. Machine would connect to the internet but not the website I need.

4. Moved the computer to the hub outside the firewall but on the same internet connection. When I did that I WAS able to connect to the website I need.

I logged a call with Sonicwall support. After working with...

Meru APs won’t get DHCP

March 8, 2018, 1:05 pm
$
0
0

Hello all,

I just replaced an old Win 2003 DHCP server with a nice new SonicWall. I copied over the scope and switched over. All of my desktops and laptops get DHCP just fine, but my Meru APs are not able to contact the wireless controller on another subnet. Any idea why this is? I can ping the controller from any PC. Also, the SonicWall doesn’t handle traffic, just DHCP. Thanks!

Email Security

March 12, 2018, 4:23 am
$
0
0

What are the things to be considered while designing a email security solution from scratch?

Site to Site VPN - security of the device at the DR site

March 12, 2018, 5:51 am
$
0
0

Hi, we have a site to site VPN from a Sonicwall NSA 2600 on our main site, to a Sonicwall TZ 105 on our DR site which stores our backups.

The NSA 2600 has the license for sonicwall advanced gateway security suite which has intrusion protection.

The Sonicwall TZ 105 doesn't have a license for any suite, but it doesn't have any ports open or any external access.

I wondered from a security point of view should it have some license for a security suite? 

So that hackers couldnt hack into the Sonicwall TZ 105 from the outside?

Thanks!

Nating steps on sonicwall nsa3600

March 12, 2018, 7:40 am
$
0
0

Hello, everyone, I have assigned 192.168.168.0/24 to X0 of SonicWALL NSA 3600 and assigned the public IP to X1 of sonicwall but when I go to the diagnostic page and select the wan interface and Initiate ping it is still not working and I want to know the steps of  Nating  because I want my Lan to access the internet and do we really need any specific license for it because I have not purchased all licenses yet.

SonicWall CDP firmware

March 12, 2018, 8:32 am
$
0
0

We have two CDP 3440i units. Discontinued and no longer supported by SonicWall. The machines we have run firmware version 6.3.1.135. I wonder if there's newer firmware and Agent software available? And if so, how do I get it?

Simon

SSLVPN Tunnel All Mode with LAN Access for Printers

March 12, 2018, 1:35 pm
$
0
0

Hello, I'm stuck with a problem I believe other members have faced with regards to tunnel all mode with SSLVPN services.  Our customer would like Tunnel All mode enabled to prevent MFA prompts out of Azure AD for users working remotely.  I've found that Tunnel All mode will transmit all traffic through NetExtender which gives us the desired results.  Unfortunately, users are no longer able to print to their network printers.  The easy solution would be to have them plug directly into the printer however, I've received some resistance on that front and thought I'd reach out to the community to see if there are any workarounds to this problem.  SonicWALL support indicated that this was not feasible.  One theoretical solution I had was to adjust routes for Microsoft domains but that may be daunting and unrealic.  Any ideas??  Thanks!

Search

Disable Aggressive Mode and IKEv1 on SonicWall NSA2400

March 13, 2018, 7:30 am
$
0
0

Hello,

We are getting flagged for our NSA 2400 supporting Aggressive Mode with Pre-Shared Key. All of our Site-to-Site VPNs are configured for IKEv2. The only thing that has IKEv1 is the "WAN GroupVPN". Is it possible that is what's being detected? Can I just disable it?

Is there any other way to disable Aggressive Mode and/or IKEv1 altogether?

Thanks.

NAT Policies Sonicwall

March 13, 2018, 9:30 am
$
0
0

So I'm at a loss here. We are getting ready to change our ISP.

I have the interface setup on my Sonicwall in a new port.

I went into my NAT policies and any NAT policy setup for our old ISP I created a new NAT policy for our new ISP.

The problem is nothing is working after I set them up.

As a test I plugged our new ISP into our backup ISP port that has a few NAT policies setup and plugged into that port it works just fine. However when I create new policies on our new interface its not working at all.

All the policies are enabled, and the new interface is apart of the WAN group automatically

Any advice would be greatly appreciated on this. I'm sure it is something simple I'm missing

SonicWALL and AppleTV

March 13, 2018, 1:38 pm
$
0
0

I'm running an NSA 2600 with OS 6.2.9.1-23n, renewal is pending budgetary approvals.

I'm trying to get my Apple devices to AirPlay for more than a minute at a time.  I've reviewed the articles about enabling Multicast and Interface Trust on my WLAN zones.  I've even restarted my WAP's.  To my distress still have the issue with the devices not being to AirPlay for any extended amount of time.  

For a special event tonight, I just set up a cheap Linksys (Cisco era) wireless router and connected a MacBook Pro and a 2nd generation Apple TV to it and it has been streaming through it for about 2 hours now.

Have I overlooked something? Missed a step?

Thanks,

Daniel

Sonicwall Tunnel Interface/Route Based VPN NAT

March 13, 2018, 4:34 pm
$
0
0

Hi all,

I have question that Googling seems to not be able to answer. I have Sonicwalls that I control between two locations with Site A and Site B. They are currently connected just fine with Site-To-Site VPN tunnel. Site does NATing because its main subnet bumps is the same as another subnet on Site B's sonicwall. I understand how to NAT under the Site-to-Site VPN Advanced tab in Site A sonicwall.

Now we are wanting to change our Site-to-Site VPN to a Tunnel Interface/Route Based VPN. I see the Apply NAT policy still applies is there on Site A sonicwall. Here is the next caveat Site A has separate LAN segment that needs to communicate with Site B on separate LAN segment there hence why we wanted to setup the Route Based VPN tunnel. This second LAN segment between Site A and Site B does not need to NATed. So I guess what I am asking is...

Sonicwall multiple public IP's

March 14, 2018, 8:20 am
$
0
0

My ISP has given me a block of 5 IP's to use for our business. I have 1 IP setup as the WAN on Port X3 on my Sonicwall.

I want to be able to flow certain traffic using one of the other 4 IP's I have left on my Soncwall. I know I can create a static route to accomplish the flow of traffic out of another IP

My question is how do I setup so I can use one of my other IP's as a WAN setup? I'm assuming I need to set this up in NAT but I'm not sure how to go about it.

Viewing all 2641 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>