I am searching for a secure and solid VPN solution for a client. Has anyone used the Sonicwall VPN client? How easy is it to set up and configure? They are not very large and the onsite tech guy is pretty overworked. For the actual FW, they'd be going with something like a TZ400.
How is the SonicWALL VPN client?
SonicWALL - 2 WiFi Networks - 1 Quit Working
I have a SonicWALL NSA 3600 with several SonicPoint access points. Up front... I know the SonicPoints aren't the best. The other day in the middle of the morning our "Private" WiFi just quit working for most devices. Either can't connect to the SSID or connect, get an IP, but can't go anywhere. You can connect to the "Public" WiFi with no problems. I have a Mac that connects and seems to work fine, but none of my Windows machines will work. Only IP I can ping is the DHCP server (a Windows VM).
Public WiFi gets their IPs from the SonicWALL. Private WiFi is bridged to the LAN and gets IPs from a Windows DHCP (Windows VM) server.
I inherited the setup/configuration. Internet is connected to the Sonicwall, but our core switch is the default gateway. I talked with SonicWALL and they are saying it's not their problem. I was doing ping from a...
Switching VPN server behind Sonicwall to L2TP
I've inherited a Windows 2008 server being used as a PPTP VPN server behind a Sonicwall TZ-105. The Sonicwall also has site-to-site VPNs to other Sonicwalls.
Because iOS phones as hotspots are blocking PPTP pass through I am trying to upgrade to L2TP. I've got the server changes made and can connect a Windows 10 PC to it when on the same network.
I've added udp port 500, 4500, and 1701 plus services ESP(50), AH(51) and TCP 1701 to the service group on the sonicwall that has the PPTP services. I've also applied the registry change for L2TP clients and server behind NAT-T.
However, I cannot connect from outside the firewalls. It asks for the user/password and will re-prompt if incorrect. But with correct credentials it just goes to connecting.... and stays there until it fails.
Secure Mobile Access 400 and NetExtender speeds
Finally reached initial testing phase for our new SMA 400, and I'm having concerns regarding access speeds.
Speed has been a long-standing concern I have had with SonicWALL NetExtender, and the 400 seems to be continuing the trend.
SonicWall not letting the SIP ring come through when connecting a call
Hi! I have a problem with SonicWall TZ205 somehow blocking the ring when making calls from a phone connected to a Grandstream UCM6208 PBX. The calls go through and I can hear and be heard but there is no ring when connecting. I set up the VoIP trunk account on a couple of other Grandstream devices including on a similar PBX, one device behind a SonicWall 105 the other with just a Comcast router in front, and it works, so my conclusion is that the SonicWall is causing the problem. Grandstream support says that they are expecting a 180 but getting a 183. I tried suggested settings for SIP with no success. Any ideas?
Can you have a site to site VPN AND a group VPN?
TZ215. 30 user company, 1 file server/DC. Currently use a Group VPN to get to the FS. I have a backup server at my house that robocopies the files from the office FS every few days in the event of interstellar warfare. I would like to promote this to a DC but understand you should have a site to site VPN connection in order for the replication to be reliable. Is it possible on the TZ215 to have both? If so, is there a good "how to" on setting it up?
Jim
sonicwall dynamic address object
I've never seen this before, but our sonicwall NSA 4600 created dynamic address objects automatically.
I look at the time under system status for Last Modified, and these objects were created after the time shown for this. (I knew I didn't create them, but just to make sure)
This is what the log shows with message 'added host entry to dynamic address object'
Object=*.servicebus.windows.net
FQDN=adhsprodsyncwus.servicebus.windows.net;
TTL=23; Host=23.99.80.186
Object=*.servicebus.windows.net
FQDN=production-fantasy-nfl-com.servicebus.windows.net;
TTL=25; Host=23.100.43.151
When I look at the address objects I can see 2 new entries
*.msapproxy.net address properties: unresolved
*servicebus.windows.net address properties: host: 65.55.54.16 TTL3599
I am also seeing in the log 'failed to resolve dynamic address object'
Object=*.msappproxy.net...
Sonicwall NAT issues
Hi folks.
On site A I've port forwarded a CCTV setup using ports such as 1027 and it works perfectly externally, but I've run into an issue where a user is trying to access a second site B with the public IP of 1.1.1.1 that also uses port 1027 for CCTV within site A. They basically cannot access site B from site A LAN even though Site B can also be accessed externally.
So I think what's happening here is the user goes through the Sonicwall in site A and the Sonicwall says oh you're using port 1027 already with this local subnet so I'll pass this traffic back in the site A CCTV subnet so in theory it never leaves the firewall.
Here are my NAT rules
Original Source: ANY
Translated Source: Original
Original Destination: WAN Primary IP
Translated Destination: CCTV Subnets 10.0.0.1, 10.0.0.2
Original Service: CCTV Ports 1027
Translated Service: Original
I have...
TZ300 Transparent mode falling off-line
We have a TZ300 with 2 local networks firewalled from each other internally. X0(PCI network) needs rules for the Sonicwall while the x3(business) interface does not. x1 is our gateway to the internet. Access to the internet will stay up for a day or so, then just for x3 to x1(internet) states link down. However, x0 to x1(internet) still provides internet. As our gateway is on our ISP's hardware and shares the same subnet as the x3 network in the 10.0.x.x space, we run this in transparent mode. We are simply trying to implement this right now for PCI compliance. We also have another firewall in place, this TZ300 is just to firewall off our PCI environment.
SonicWall Bandwidth Increase
I’m very new to the world of SonicWall but have a general question. I currently have 2 SonicWall devices in 2 different offices. They create VPN link between them. One of the offices accesses a terminal server. I increased the internet speed from 100 to 300mbps for my main office. That office uses an NSA 3600. The one office that uses the terminal server is on a TZ 300. I changed the X1 WAN port from 100 Mbps full duplex to 1 gig full duplex on the NSA 3600. Do I also need to change that same port on the TZ 300 to 1 gig full duplex so that they have increased speed over the VPN? If you guys need any more information please ask. Thanks for taking the time to read this.
How do I turn on https access to a TZ from Sonicwall CLI?
I have the admin credentials for multiple sonicwalls. Previously, https was turned off for PCI compliance. I'd like to be able to turn that on and off via SSH.
I'm currently not experienced with CLI with Sonicwall.
SonicWALL - Cannot Remote Manage With Newer Browsers
I have a SonicWALL TZ 205 and 2 SOHOs that I can't access with the latest version of Chrome, Edge and IE. I know there used to be the RC4 setting in the Diag screen, but I don't see that option on the SOHOs or the TZ 205.
SonicWALL SRA to AWS Connection
Having trouble connecting my SonicWALL SRA appliance to AWS. SonicWALL NSA devices is connected to AWS VPN tunnels. I want my users to be able to access AWS from NetExtender. Am I configuring NetExtender Client Routes or the SRA Network Routes?
Configure Sonicwall Tz 180 to allow SMC modem as DHCP server
Hello all, had to do a factory reset on the tz180. My issue now is that I cannot figure out the best configuration settings to allow business class SMC modem to act as dhcp server.
What is the best way to configure this and what are the steps involved (I am a novice). What I can gather is that I need a NAT policy and Firewall Access rules to accomplish this. Please help and provide detailed step by step including WAN & LAN Interface configs.
I found this link on sonicwall kb but it doesn't use a NAT policy instead only suggests using the IP Helper. https://www.sonicwall.com/en-us/support/knowledge-base/170505775845010
I work for a non-profit and wear many hats. Unfortunately my networking skills are lacking as this is only part of my profession.
DNS not working when using Mobile Connect
I noticed last night that while I was connected to the Mobile Connect VPN I could not browse any websites and DNS requests seem to be not responding.
The DNS seems to be set up correctly here under the SSL VPN Client settings page. Is there a setting I may have missed? It's a TZ215
Sonicwall NSA 2600 very slow management
Hi Everyone,
I put in a Sonicwall NSA 2600 recently on a 100mb/100mb line. All working great. Set up SSLVPN but couldn't get it working properly.
I spent some time and got it going but ever since then the speeds for remote management are super slow. If I ping something inside the network it's usually around 500ms - 1000ms. It was much faster but something happened when I applied either NAT or firewall rules but I can't figure out which one. Some of them are auto generated so I can't disable them.
I do notice that when I make a change to the FW and it applies the change the ping drops down to 15 - 40ms so I'm sure it has something to do with this. Any help would be great!
SOHO W multiple ssid with expiry time
Dear Community members,
I have 1 SOHO wireless device.
I have created 3 virtual Access Points
1) manager 2) Employees 3) Guest.
All are authenticating using WEP key.
What I want is that the Guest SSID should get an authentication page.
All guests should be able to use the same password.
All guests should be assigned 1 hour session time after that they should be logged out.
Is that doable?
The reason for this is the client where I am placing this device does not have a local IT.
And they don't want to go into the device and generate a user name and password from the guest account.
Any help would be greatly appreciated.
Best Regards.
Issue with TZ300 and a self-signed certificate.
We have a SW TZ300 that came with a self-signed certificate for an IP address of 192.168.100.1. We changed the IP address on the device though and in one of my server's event logs I keep seeing Schannel errors with the self-signed cert of 192.168.100.1 in the bytes section.
I've looked in the local certificates installed on that server and I see that self-signed cert isn't installed; maybe that is the issue?
Should I update the self-signed cert to the current IP address of the router and then import that cert onto the server?
SSL filter
https://www.sonicwall.com/en-us/support/knowledge-base/170503514073825
To be clear, is there any method of SSL traffic inspection using the tz500 that doesn't require a home rolled Certificate? I can push certs out on the domain for PCs but that doesn't help with non-windows devices or non-domain systems.
My interest is in SSL-DPI for virus, intrusion detection, etc.
TZ210 and TZ310 Config
Can I restore the config from a TZ210 to a TZ310? I have a TZ210 that is 'rattling'; didn't know it had a fan. Always a first I guess.
Thanks.
Darryl