Very slow gui from WAN but not LAN
Whenever I try to access my TZ300 from the WAN side, the GUI loads incredibly slow. If I log into the same device from the LAN side, the GUI works as expected. I can't figure out what might be causing this. Has anyone else run into this?
VPN - Tunnel Interface vs site-to-site VPN connection
Can I use a sonicwall route-based VPN / Tunnel interface, to work like the site-to-site VPN? Are there any examples online on how to configure a route-based vpn to work like the site-to-site VPN?
I have a corporate office, currently connected to 7 remote offices via site-to-site VPN. The Corporate office is a TZ 400, the sites are using SOHO's. There are 2 or 3 workstations at most of the site offices.
The use is light-duty file sharing, plus their new VOIP phone service requires a VPN connection between not only the corporate office, but also a 'mesh' vpn connection between each and every site.
The company is adding approximately 4 more small site offices.
The listed max limit for site-to-site VPN tunnels for the SOHO's is 10 (vs 64 for the route-based VPN tunnels). I'm going to be over the limit. I seem to have read somewhere...
Replacing our ASA with NSA2650
We have decided to replace our ASA with a nice new 2650. Setup looks fairly simple, but I do have a question about VLANs. We have 4 LANs defined in our ASA and one of the interfaces is a trunk port to our core switch. Our native VLAN in the Cisco is VLAN 1. I don't see anywhere to do this in the 2650. I do see I can create a virtual interface and give it the VLAN ID of 1. Would I add all of my VLANs as sub-interfaces on a parent interface, for example X5, and that would also be my trunk port?
VPN Hardening
Hi,
I have a SonicWall 5600 HA pair which, amongst other things, runs nearly 250 VPNs to satellite offices.
I would like to upgrade the VPNs' 1st & 2nd proposals to a more secure level.
I don't want to manually do this one by one as it is too time consuming, so I was hoping that there is a way to automate this or script it?
Is this a possibility?
Thanks.
Subinterface DHCP not handing out IPs
Hello,
I have a strange issue with a Sonicwall.
I have port 0 in bridge mode with untagged VLAN 1. I also created a subinterface 20 in the same zone, under the same interface. VLAN is working fine. I have that VLAN going to the Unifi AP. It's properly configured to pick DHCP from the router (Sonicwall), but it's getting APIPA addresses for the tagged network (Guest VLAN).
If I set up the IP on the PC connected to the AP statically, it works fine. But it's not working with DHCP on.
SonicWall NSA 250 M for L2TP VPN
Hi everyone,
We are trying to configure our SonicWall NSA 250 M for L2TP VPN. Clients are able to connect to the VPN, ping LAN IP addresses but are not able to print to local printers.
Using a different appliance with SonicWall NSA2650. RaspPi? Router?
I am trying to set up an IP phone at an employee's home that will work within our network. I need to be able to plug it in to something that is already connected to our domain.
The vendor is having a hard time figuring out his equipment and I want a temporary workaround.
I would rather not buy a new SonicWall appliance for what I hope is a temporary usage. Can I use something like a RaspPi with OpenVPN or a router that I can reflash, or even a stock router that supports such a connection? Or will it be easier to dig out that TZ100 I have collecting dust someplace and use it?
Any advice for me?
SonicWall SSL VPN on Mac cannot connect from home network.
I have a client with a brand new retail MacBook (not corporate owned or issued). The company uses a SonicWall SSL VPN. The SonicWall appliance is a TZ600 running SonicOS 6.2.7.1-23n. The VPN Cipher is AES256_SHA1.
SonicWall lists the prerequisites for a Mac to connect to the SSL VPN as SonicOS 5.8.1.0 or later, and AES256_SHA1. We meet the requirements.
I installed the Sonic Mobile Connect VPN client on the machine as well as the Microsoft Remote Desktop client. I tested logging into the VPN here in the office on our guest wifi as well as using my cell phone as a hotspot. Tests were successful. We also have a cafe in the building; I tried on their wifi as well. There I was able to connect to the VPN without issue, but couldn't connect to the Remote Desktop. I chalked that up to the cafe having ports blocked.
The client took the Macbook...
Can anyone share the log documentation for SonicWall VPN?
I recently analyzed the SonicWall VPN logs, but there are some logs I can't understand, for example: Error=0xffffffff. I don't know what 0xffffffff stands for. I hope I can have relevant documentation to help me analyze it.
I didn't find the relevant documentation on Google. Can anyone share a copy if you have one?
Cyberoam to Sonicwall IPsec VPN
Hi
I have two firewalls, one in the main office (Cyberoam) and in the branch office it's a SonicWall. I have set up an IPsec VPN and it's showing UP, but no traffic is going in between.
Can't even ping the local IP from remote.
Please help.
Sonicwall - After some time, users are logged out and can't reauthenticate throug
Hi Everyone,
At our company we have an NSA 3600 on which we use the Client Probing Method and query the DC Security Logs. The account configured in the SSO Agent is a non-admin account with permissions in the DCOM Users and Performance Monitor Users groups of the DCs.
The problem is that the users log in to the domain but after some time they are logged out (and are not reconnected through SSO). The firewall (Status->Users) shows "Access Denied".
What might be happening?
Regards,
Fernando Dias
Send all traffic?
We are finally getting fiber installed at all three of our buildings, and I would like to site-to-site to our main building. I will be using an older TZ190 at one of the buildings. Licenses have expired, but it still functions normally. There is one user at this location.
Would it be fine to tunnel all of her traffic through our 2650 so that we can do scanning, inspection, etc?
Sonicwall, Help with NAT and firewall rules for accessing site hosted in Azure
Hi.
I have been banging my head against the wall for a while now.
I have three zones in my Sonicwall NSA 220.
1 called "Office-LAN", subnet 192.168.48.0/21
1 called "Guests", subnet 10.0.80.0/24
1 called "Technical", subnet 10.0.0.0/24
I have an NGINX (reverse proxy) located in the LAN zone (192.168.49.19), pointing different DNS names to their respective servers.
Most of these sites are hosted locally, also in the LAN zone, but one of them is hosted in Azure.
The Azure server is defined with an object in the LAN zone, and I have a site-to-site VPN up and working.
IP: 10.0.1.4
When I try to access the Azure hosted web page from the LAN zone, it works flawlessly, but when I now try to access it from the "technical"-zone/subnet, I cannot reach it.
I can ping the NGINX-server from the technical subnet.
Can anyone help me in the right direction here?
IPs:
...
Packets dropped Firewall SOHO wireless-N
I am facing a problem and can't determine the reason behind it. I have configured VPN between two sites.
I found that the packets are being dropped and can't determine why:
Ether Type: IP(0x800), Src=[cc:16:7e:d1:4f:a0], Dst=[18:b1:69:1b:90:30]
IP Packet Header
IP Type: ICMP(0x1), Src=[10.9.1.2], Dst=[10.14.1.250]
ICMP Packet Header
ICMP Type = 8(ECHO_REQUEST), ICMP Code = 0, ICMP Checksum = 5698
Value:[0]
Consumed, Module Id:20 1:1)
Ether Type: IP(0x800), Src=[cc:16:7e:d1:4f:a1], Dst=[18:b1:69:1b:90:31]
IP Packet Header
IP Type: ICMP(0x1), Src=[10.14.1.250], Dst=[10.9.1.2]
ICMP Packet Header
ICMP Type = 0(ECHO_REPLY), ICMP Code = 0, ICMP Checksum = 7746
Value:[0]
Consumed, Module Id:20 1:1)
Any help would be appreciated.
Trying to get Content Filtering working on 2650
I need some assistance getting the CFS going on a 2650. I have enabled CFS and also enabled HTTPS content filtering. Added the rule in Rules>CFS. Nothing is being blocked. I have even tried manually adding a domain to be blocked, but it is still coming through. Any ideas where I need to check first?
DHCP in VLAN between Aruba and SonicWALL
I have a SonicWALL running DHCP for VLANs 1, 10 and 30. I've created a trunk on my Aruba switch, but I'm not getting DHCP addresses. I've set up the sub-interfaces on the SonicWALL under X0 for VLAN 10 and 30 and DHCP servers connected to X0, X0:10, and X0:30. On the switch, I have the following config:
trunk A1-A2 trk1 trunk
trunk A3-A6 trk2 trunk
no telnet-server
ip ssh filetransfer
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged A7-A24,B1-B24,C1-C24,D1-D24
   tagged Trk1-Trk2
   ip address 10.20.0.251 255.255.255.0
   exit
vlan 10
   name "Private Network"
   untagged A7-A24,B1-B24,C1-C24,D1-D24
   tagged Trk1-Trk2
   ip address 192.168.20.253 255.255.255.0
   ip helper-address 192.168.20.254
   exit
vlan 30
   name "Guest Network"
   tagged Trk1-Trk2
   no ip address
   exit...
Possible to use the same range for IPSEC and SSL VPN on sonicwall?
I would like to know if it is possible to use the IPSEC VPN range and set the SSL VPN range to be the same IP pool on SonicWall.
I'm needing more IPs than I currently have available, and the way things tend to go is that if you're internal to the office you pull a DHCP IP from the IPSEC pool, but when you WFH you pull it from the SSL VPN pool.
Fortigate site-to-site VPN behind NAT with SonicWall
Site #1: SonicWall TZ205 with static IP (gateway)
Site #2: Fortigate 60e behind a gateway, and the gateway has a dynamic IP
The problem is on the Fortigate side. I cannot figure out how to configure it to pass through the gateway.
SSL-VPN IP pool on LAN zone considered harmful
https://www.sonicwall.com/en-us/support/knowledge-base/170502920993204
This is news to me. I've often set up the IP pool to be on the LAN zone on small sites with only the built-in 1 or 2 licenses and haven't seen any problems myself, but sometimes users have complained about disconnections and performance issues which I've mostly thought to be from the mobile connections they are using.
Have you been using LAN zone IP pools and encountered issues?
Multiple LDAP servers for one NSA 220?
I've got an NSA 220 running version SonicOS Enhanced 5.9.1.8-10o.
I've got SSO and LDAP with TLS working just fine; however, as far as I can tell, I only get to specify one LDAP server. I have three Domain Controllers on my network, but what if I need to bring down the one that the SonicWall is using for LDAP? I need to remember to point to another of the three DCs and ensure the SSL cert is listed on the SonicWall for that DC as well?
Am I missing something? Is there a way to specify multiple LDAP servers for redundancy?