I was wondering if someone could help me with my configuration. I have a TZ105 and need to set it up like this.
LAN1 is for my LAN (192.168.168.168 gateway)
LAN2 is is my Wifi (172.16.32.1 gateway) Unifi AP plugged into this port
I want to block all traffic from LAN2 to LAN1
I want to block all traffic from LAN1 to LAN2 except the ability to print from one computer on LAN1 to a wireless printer on LAN2
Can someone please help me with this? Do I have to create zones? All help appreciated.
Hi, I would like to close an insecure way of Exchange 2010 OWA being available from a public IP which has a NAT policy to the Exchange 2010 server.
We have port 443 open for traffic going to webmail.domain.com which allows us to setup corporate emails on iPhones.
I would still like to improve that though with our Sonicwall NSA 2600 but I am not sure if it is possible.
Can I only allow port 443 to be open on an interface to certain iPhone MAC addresses?
Thanks!
Anyone else having issues with Sonicwall Mobile Connect on Windows 10?
I can't create profiles. I'll enter the info and click Save, and Settings will crash. When I go back into settings, the profile won't be there. Sometimes I can try again and it will stick. More often than not, it will never save. I can't provide event log errors at the moment, but the app log is full of errors showing the Settings app crashing.
I've gone back to NetExtender and have had some success, but only if I download it from the firewall.
Anyone had any luck with Mobile Connect recently?
Remote user on a Windows 10 notebook, not joined to our Windows domain. Somehow he has messed up his NetExtender installation so I was going to have him try Mobile Connect. This is a first, as the newest NetExtend has been fine for us.
I am testing on a similarly setup notebook here.
Sidenote: In Mobile Connect Server address, if I include port :4433 it does not find the server. So I removed the port and it finds and gets a response (weird?)
The real problem: when it prompts for credentials. I tried: USERNAME, USERNAME@LocalDomain, LocalDomainUSERNAME and they are all refused. "failed to login." What is the actual convention for logging on via Mobile Connect in regards to SonicWall domain? Windows domain is not a factor.
The test notebook has a functional NetExtender so I verified the credentials using NetExtender and connected no problem....
I am configuring SonicWall TZ 400 VPN with Microsoft Radius. in the SonicWall, I tested Radius user successfully.
However, I can't login in SonicWall VPN client with this error. What could be the problem?
I am having difficulty setting up the NAT Policies and Firewall access rules to allow access to a website on our local server.
The page loads fine if viewing directly on the server at http://localhost:85/
However it cannot be viewed from any of the other terminals on the network, I have created the NAT Policy and Firewall Access Rule but it still doesn't allow access from other terminals. Whether directly using the internal Server IP Address or the WAN IP Address with port forwarding.
I also created the appropriate service rule for the TCP port 85
I've even attempted to allow access with a loopback policy so the internal computers can enter the WAN IP to access it.
Wondering if I missed a step or something else isn't adding up. I've created other policies for different services but this one doesn't seem to be working out.
Hello All, I am unable to print from my cell phone and I see the packets being dropped by the firewall. Google Cloud Print can't see the printer to add it and the Brother Print Plug-in has the same behavior. The printer is configured with a static IP and 1 laptop, 1 server, and 1 desktop can print across the network with no issue. I would like to know if there is a way to remedy this issue as having to print from a computer all the time is not always convenient.
Thanks in advance!
So I've been asked by management to produce a report on some end user bandwidth usage. They apparently stream video all day and need some documentation showing this usage. ESPN and the Golf Channel seem to be popular with these guys.
Is there a easy way to generate such a report from my Sonicwall on a few endpoint IP's?
BTW: I'm running Sonicwall 6.5.
Thanks,
We are switching a SonicWall router to Meraki but want to keep the sonicpoints. Besides us changing the IP address of the sonicwall and disabling DHCP, anything else we need to be careful about?
The sonicpoints have different IP addresses for the guests and regular networks . How can we make that still work?
Thanks
I'm a noob and self taught and I'm sure I'm missing something "stupid".
These are the basic connections for my TZ 100
I have only three user defined routing policies that simply say if something comes from any source destined for the IP range listed, route through that interface. For example 10.129.205.130 would route through X2.
From my office network, I successfully get out to internet, both work VPNs and to the AWS cloud VPC.
The problem is I need a machine in the Amazon VPC to reach my work VPNs. From the cloud machine I can access computers on my office network. For example, I can access a web server running on my office network by opening a web browser and entering http://192.168.1.172.
However when I attempt to access either IP range that should be routed through X2 or X3 it doesn't make it through and I don't know why.
The packet...
The DHCP server on our out of support 4500 stopped providing IPs to clients on the two interfaces we had it configured to do so.
Did not see anything in the logs, tried recreating the DHCP range and changed a few settings, but no joy.
So I reset to factory defaults, and I did not get an IP from the DHCP sever to run the inital config. Ran the config wizard, set a password and left all other settings default (which includes the DHCP server being enabled and providing IPs for clients on x), still no luck.
I'm thinking it's dead, but figured I would check and see if there were any other ideas before it hits the bin. Unclear if I can/should upgrade firmware (running 5.9.1.5-16, 5.9.1.8-10 is current.
We have much office365 mail IDs configured using outlook 2016 in our office. Some with IMAP and some with POP3(different domain). All stopped sending emails since today. But we receive emails without any issue. We use Sonicwall NSA 2600. Anyone can help me to troubleshoot the issue.
I have a branch office that establishes a half dozen RDP connections to head office every day. They remain active throughput the day but they may be closed and re-initiated.
Head office has an NSA 2600 while branch office has a TZ SOHO. Both locations have a DSL Internet connection. A second ISP providing higher speed Internet was added to each location and became the primary WAN interface. I setup Failover & LB on both firewalls using Basic Failover. All of this is working as expected and there are no issues.
Both sites benefited from the higher Internet speeds provided by the new ISP except for one thing: RDP was still connecting via the original DSL connection at the head office. I resolved that issue by creating an outbound NAT policy to redirect the connection to the new high speed interface at head office. It is working as...
Hi All,
I'll preface this with saying two things: 1) I am new to working with VLANS, and 2) I have searched through other similar topics but haven't found anything that helps me quite yet, so I decided to post my own.
I have a SonicWALL, and it has 4 SonicPoints connected to it. TheWiFi works just fine for employee access, contacting servers, connecting to shares, etc, etc, but I want to add guest WiFi so interface X3 on the SonicWALL (the WiFi interface) has been configured with a guest SSID and tagged with a VLAN ID of 10.
The problem that I am having is figuring out how to get the traffic for VLAN 10 to route from the SonicPoints to the SonicWALL. When I try to connect to the guest WiFi, it throws an auto-config IP, doesn't connect to the DHCP scope that has been setup for guest WiFi, and doesn't connect to the internet (obviously).
...
I'm not having any luck finding signature ID's to add to exclusion list. There is a 3 digit ID when viewing the log monitor, but that isn't the signature ID. Somehow I've been unable to find this after about 30 minutes of searching every combination of terms I can think of.
Greetings. I just reset the admin password on a SonicWALL TZ 215 and now I am not able to login. Before you ask, yes I typed it in correctly, I mean I had to type it in correctly two times to verify to reset. Do these devices have to be power cycled after a password change? I'm typically a Sophos guy but I've just taken on a client that has this unit and needed to reset the admin password.
I've run into a major pain in the neck a few times lately:
I occasionally run into devices with older web interfaces that are set to RC4, such as older SonicWALLs, but also network switches, copiers, specialized app servers, etc.
All the major browsers have now completely removed RC4 support. Enabling SSL3 in IE no longer works. Same type of error, "sorry, that's not secure, and you're too stupid to know better so we're going to stop you right here." This creates a circular problem. I can't log on to the device because the security is too weak, and I can't fix the setting because I can't GET IN. It's fairly simple to get into the diagnostic page of an older SonicWALL and uncheck the "enable RC4 support" box, but first you have to get there!
I am getting sick and tired of these vendors forcing their "help" down my throat, but I digress.
...
I recently updated my sonicwall to the 6.5 firmware and all of my computers connected via site to site vpn now have this message and cannot access any shared resources. I can ping the domain controller and access it's shared folder if the user puts their credentials in every time.
I thought it may have something to do with windows firewall not being in domain zone so i turned off the windows firewall, removed the pc from the domain, did an ipconfig release flushdns and renew, then reinstalled the nic drivers and rejoined the domain but the issue persists.
So my assumption is that something is now misconfigured in the site to site connections. Trying to figure out where to go next.
Hello everybody, hope you all of you stay well. How can i can start well we have a sonic wall tz500 firmware 6.2.7.1-23n and in the parts of logs i have a few strange message for example:
45 Network ARP Failure Debug ARP Timeout
IPsec Dead Peer Detection Debug SENDING ISAKMP OAK INFO (InitCookie:0x9b61830d55381502 RespCookie:0x1eeb1351b4d59ad4, MsgID: 0xC8EE3A62) *(HASH, DEL)
1233 Firewall Settings Link-Local/Mult
icast IPv6 Packet Notice Unhandled link-local or multicast IPv6 packet dropped
82 Security Services Port Scan Possible Alert Possible port scan detected 23.212.9.149
I search in google but some of then seems to be thing of the firmware upgrade but i'm not sure if this is really the case.
On the another hand i apply some configs to the sonic wall in the content filter for differents pages but it seems doesn't apply i check in the...
I've installed the NetExtender client on a laptop with Windows 7 pro 64. When I start NetExtender, I'm immediately prompted for "old password" and then below it, "new password" and a verification for the new password. Keep in mind, NetExtender is not even connected to any SonicWall appliance at all.
Typically, when I start NetExtender I am prompted for the "server", "username", "password" and "domain". I enter these four fields and connect.
I've tried to install different versions of the NetExtender client to no avail.
Thanks,
Craig