Quantcast
Channel: SonicWall
Viewing all 2641 articles
Browse latest View live

SonicPoint N with Centrino N

December 6, 2018, 9:29 am
$
0
0

Good Day All! :)

I'm soliciting the advise of any SonicWALL/SonicPoint experts. I've read a lot of material over the past month on best practices for high client density environments using 802.11n (Ni,Ne, and N2) access points.

99% of the clients are Dell Latitude laptops with Centrino N cards. The access points (mentioned above) are mounted in the geographic center of the ceiling which have recessed fluorescent lighting. I can get 10-12 clients connected and working but I need to get more.

My access points are configured for 802.11n only, auto radio band with auto primary & secondary channels. Short Guard Interval is enabled along with Aggregation. Transmit power is set to half because there are access points in each neighboring room and beacon interval is set to 200 ms.

Are there settings here that are incorrect that I should change? Are...

Search

Tz400 ldap ssl vpn woes with server 2012, unable to get local issuer certificate

December 7, 2018, 8:32 am
$
0
0

When i test the ldap connection for ssl vpn, i keep getting 14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)

My domain controller is also the CA server/authority.

I've tried everything.. i've exported the CA cert from my domain controller which is a 2012 server.  I've tried it a few different ways.. ldap test in the web console works fine if require tls is unchecked.. i've tried importing a regular server certificate with exported private keys and referenced that cert as well.

I'm pretty sure i'm just missing something here.

Anyone else ran into this? Or perhaps i shoudnt worry about TLS / certificates in this situation, but i felt it was better security if i did.

Thanks in advance

SonicWALL Site-to-Site VPN Not Allowing User Login

December 7, 2018, 5:53 pm
$
0
0

We have a working Site-to-Site VPN between two SonicWALL NSA 2600 appliances. As the Administrator, I can login fine to either SonicWALL, my local SonicWALL and the remote SonicWALL across the s2s VPN.

The problem is for my users. They cannot login to the remote SonicWALL over the s2s VPN.

They can login to their local SonicWALL, but cannot login to the s2s VPN SonicWALL. Yes, they hasve user accounts on both SonicWALLs.

When they try to login to the remote SonicWALL, they get the error message, "User login denied - User has no privileges for login from that location"

Please advise how to fix this. I've checked the VPN policy on the remote SonicWALL and yes, it shows that User login is allowed over HTTPS.


Communication between subnets

December 10, 2018, 6:27 am
$
0
0

A TZ-215 has 3 WLANs: W0 bridged to the LAN, W0:V1 an internet only public network, and W0:V2 a secure private network.

The goal is for clients connected to W0:V2 to have access to a device, a projector, connected to the ethernet LAN, without access to anything else on the LAN. When on the same subnet the projector can be pinged and gives a reply. The projector receives a static IP from the TZ-215, and an address object was created for the projector.

A rule was created giving any port, service or source on the W0:V2 Zone access to the projector on the LAN. No communication. After fiddling with variations on the rule without success, for testing purposes, a temporary rule was created giving wide open access for anything on the W0:V2 Zone access to anything on the LAN Zone. Still no communication. As a result I think I am missing part of...

Static IP for SSL VPN on TZ400 - is it possible?

December 10, 2018, 4:48 pm
$
0
0

Hello knowledgeable community!

We have a sonicwall TZ400 which we use for VPN connections and our software requires a static IP for each client in order to wirk work correctly.

For OS supporting the GVC this isnt an issue but for Android an iOS I have struggled to get at VPN connection with a static IP for each user.

Luckily this is an edge case for only a hand full of users but still I would like solve it.

Anyone knows hiw to achieve that?
Thx

adding a 2nd WAN Group VPN on Sonicwall to connect using Global VPN Client

December 10, 2018, 9:47 pm
$
0
0

We have 2 networks in our Head Office

192.168.26.0

192.168.1.0

We have a sonicwall firewall and all users connect to the 192.168.26.0 network using the global vpn client.

Is it possible to have additional configuration to add the 192.168.1.0 network to this existing setup or add a new WAN Group VPN?

We have 4 users who connect to the 192.168.36.0 WAN VPN Group to have access to 1 IP on the 192.168.1.0 network.

Odd SonicWALL VPN issue

December 11, 2018, 9:01 am
$
0
0

Or maybe it isn't so odd, and I'm just a network doofus. I have 2 VLAN subnets on our primary LAN interface giving me a total of 3 subnets on our internal network.


This setup is working just fine, all devices between X16 and X16:V100 can freely talk back and fourth. V10 is the only subnet that is segmented off as it is our test network. The additional subnets were originally created because we were running out of IPs on a single subnet, so V100 was created to house servers and printers.

So, now the odd part (to me at least). I used this resourceon SonicWALL's site to create a VPN tunnel to Azure and an Access rule. As soon as the VPN config was saved and enabled, several servers in the V100 subnet lost access to the primary subnet. Not all, only some of the servers. But of course the main culprits were our Horizon View gateways so...

Sonicwall NetExtender won't connect

December 11, 2018, 6:55 pm
$
0
0

We have two SMA 400 SSL VPN appliances with Firmware 9.0.0.0-9sv and NetExtender version 9.0.274. We are getting the following error when trying to connect via NetExtender on Windows 10 and WIndows 7 however Sonicwall Mobile Connect connects without any issue. 



Search

Routing problem on Sonicwall

December 12, 2018, 8:37 am
$
0
0

My company access services from a third party and that other company has a router in my computer room. I cannot access their router directly, and I have my own Netgear router that connects to theirs. The IP address of their router is 10.114.100.1 and my router's WAN port is set to 10.114.100.2. The LAN port on my router is set to 192.168.254.2 on my internal LAN.

I also have a Sonicwall for my main connectivity. I have routing enabled and a group of IP addresses are set to route to to the netgear router. The route policy on my Sonicwall is:

Source: Any
Destination: IP Address Group (an address group with 5 ip addresses)
Service: Any
Gateway: 192.168.254.2
Interface: X0
Metric: 1

So that all works fine. Someone tries to go to a web site at one of the IP addresses in the IP Address group and they get the website fine. So today, the Netgear...

Blocking IP Addresses - Sonicwall?

December 14, 2018, 7:07 am
$
0
0

I have a question regarding blocking IP addresses globally on the sonicwall.

The sonicwall documentation says to create the address object, and then create a deny rule from WAN>LAN or LAN>WAN.

I have many zones (VOIP, WIFI-CORP, WIFI-GUEST, etc); Is there a reason the documentation does not say to just set source as ANY and DEST WAN and create the deny rule? Would this not block traffic for all zones?

Is there some performance aspect or other issue I am missing with configuring the rules this way? 

SonicWALL SRA 1600 Web Application Offloading

December 14, 2018, 7:10 am
$
0
0

Hi

I have a SonicWALL SRA 1600 with a spare Ethernet port. I have been trying to use this to provide Web Application Offloading.

My understanding of the use of this is to provide security to websites that do not have it built in.

I have implemented this and it appears to work. When the IP address is accessed using a browser, the user is presented with the request for a username/password. So far, so good.

My problem is that the web server (a bespoke device) complains that there is an error somewhere in the communication and therefore refuses to load. It looks like the SRA 1600 is manipulating packets somehow and preventing the web page from loading properly. It is definitely the web server which is complaining.

I have switched on/off most (all) of the possible options but nothing seems to make a difference. Can anybody suggest a way to...

SonicWall Firewall NSA260 unit keeps rebooting- corruption detected in persistan

December 14, 2018, 11:32 am
$
0
0

Hello, 

My Sonicwall Firewall NSA2650 keeps rebooting by itself, sometimes twice a week showing in the logs: BAD MAGIC NUMBER or corruption detected in persistent memory messages. 

I tried a factory reset and entering all my settings again manually- but the same. any suggestions?

Thank you in advance,

log checking

December 15, 2018, 11:49 pm
$
0
0

Hi, 

I'm basically a Fortigate user and kinda had a hard time filtering log from a Sonicwal NSA5600. I just want to check the basic/usual log which is if the NSA firewall is being attack everyday by a common/usual IP outside the internet. How do I filter or create this basic report?

Thanks

TECH-JEFF

Sonicwall SOHO W -supports two internet providers?

December 16, 2018, 7:55 am
$
0
0

My wifes small business has a Sonicwall APL41-OBA/SOHO W firewall.

Right now it is connected to DSL which then goes to the Sonicwall with two IP addresses (one for mail /browsing and the other to a VOIP router)

I would like to add higher speed Spectrum cable as a second provider, but keep the DSL as a failover and active as the VOIP (mostly to avoid having to change many remote VOIP setups).

Question: does this model firewall support simultaneous use of two IP's?

If not are there other Sonicwalls that do?

Or is something like this a solution in addition to the existing Sonicwall?:

https://www.amazon.com/Peplink-Balance-20-Dual-WAN-Router/dp/B0042210U6/ref=sr_1_12?s=pc&ie=UTF8...

Many thanks!

Adding a Custom Hostname Resolution to Sonicwall NSA device

December 16, 2018, 3:05 pm
$
0
0

I recently purchased unifi voip phone for testing and I guess the unifi voip are a bit different with adopting process. Where on APs, Switches, and Antennas. You can set inform on those devices but with the voip phone I guess android has no way of changing how the automatic controller adoption works.

The phone from what I read online looks for "unifi" hostname. Nothing else just "unifi" I say nothing else because I tried adding unifi to my Win Server DNS A Records.... But because the fqdn adds the Windows server full domain to unifi the phone does not like that unifi is actually a sub-domain

My only option I have left I believe is seeing if there is a way to do a custom name resolution in the sonicwall so when a device ping 'unifi' it will send it to my AWS instance that is in the cloud with the necessary ports opened to my IP.

Search

Cant get certificate to work SSO Sonicwall. Workaround for unsecure pages?

December 17, 2018, 5:08 am
$
0
0

Hi,

I have a Sonicwall NSA 4600 running SonicOS Enhanced 6.5.2.2-44n.

Got many users in LDAP/active directory who log on wifi with username and password from AD with SSO agent.

Bought a certificate for the firewall so users dont see the login-site as insecure. This is a wildcard certificate like *sonicwall.local.source.com(just an example)

The certificate is installed as a local certificate on the sonicwall. But the users still get issues with login-page, that its insecure. Is it correct that the certificate is installed as a local one? Whats the difference with installing it as local vs as a CA, can someone explain?

I dont know how browsers check or validate certificate but do they need access to the internet to do that? Is it therefore users dont get to load the page?

Earlier google chrome had a link to "Details" and continue anyway, so...

Site to site VPN sonicwall

December 17, 2018, 9:12 am
$
0
0

I have several Sonicwall TZ-300 devices running a site to site VPN under separate subnets 192.168.1.0/24, 192.168.2.0/24, and 192.168.168.0/24.  Is there a way to see the devices in my network places?  I do have Enable NetBIOS checked.  The VPNs are up and I can Ping Devices.  What I can not do is join the local domain at 192.168.168.0/24.  Is there a setting I am forgetting to set to allow domain me to join said domain?

Wildcard Certificate on SonicWall NSA Appliance

December 17, 2018, 9:33 am
$
0
0

Hi all,

I need to update the wildcard certificate on our SonicWall NSA appliance. It was installed as a local certificate before but I just installed it as CA certificate. I'll be honest, I'm not sure what each option does. I've done some reading but can't find a clear explanation. 

I'm under the impression that importing it as a local certificate will allow secure connections for HTTPS. Is that correct? It only accepts PKCS12 or .pfx. How do I get that certificate type from GoDaddy? Or do I have to download the .crt and convert it?

Thanks in advance!

Sonicwall App Control blocks pictures in Hangout

December 17, 2018, 12:37 pm
$
0
0

Hi everyone,

I am using Sonicwall App Control to block dropbox, google drive, youtube...

However, my staff need to use hangout to exchange messages and sometimes pictures. After the App Control is applied, all messages go through but the pictures do not.

Is there anyway I can still apply App Control but unblock pictures on Hangouts?

Thank you.

Best,

Huy,

Drop Code: 56 (ARP unexpected link ip)

December 18, 2018, 7:20 am
$
0
0

I have setup a new ESXi host on our network and I migrated a VM from the existing host to the new host but I can't get the VM to connect to the network.  When I look at my Sonicwall capture I'm seeing the following:

DROPPED, Drop Code: 56(ARP unexpected link ip), Module Id: 47(ARP)

I've looked online but I don't see anything for this particular drop code. Anyone have any ideas on what the issue might be?

Viewing all 2641 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>