Channel: SonicWall
Viewing all 2641 articles

Trouble with Sonicwall VPN tunnel between two SOHO 250 routers

Hi everyone!

I am configuring a VPN tunnel between our main site and a remote site using two Sonicwall SOHO 250 routers. I have the VPN tunnel configured between both sites and traffic is passing properly over the VPN tunnel between hosts behind both routers; however, from hosts in the main site I am not able to ping or access the remote site router by its local LAN IP, and from the remote site I am not able to ping or access the main site's router by its local LAN IP.

Main Site Router LAN interface is 10.5.0.1

Remote site Router LAN interface is 10.4.0.1

Hosts on the 10.5.0.0/24 subnet can communicate with all hosts on the 10.4.0.0/24 subnet; however, they cannot communicate with 10.4.0.1.

Hosts on the 10.4.0.0/24 subnet can communicate with all hosts on the 10.5.0.0/24 subnet; however, they cannot communicate with 10.5.0.1.

I followed the VPN...


SonicWall Mobile Connect

Hi... Why can't I log in to SONICWALL MOBILE CONNECT on my MAC - IOS CATALINA? I input the correct information: Server, User, Password and Domain, and after a good while received the message:

Mobile Connect has been disconnected for one of the following reasons:

* There was a break in the network connection.

* The connection was idle for longer than the configured idle timeout.

* Your user account was logged out of the SSL VPN portal.

Thanks

Sonicwall Ports 80 and 443 are not Stealth via GRC and other Port Testing Sites

This topic has been discussed previously. The answers I have found did not solve the issue.

The client SonicWall TZ 300 router was checked and in Stealth mode. We also found the SonicWall article suggesting to enable DNS Logging to DNS (only); still 80 and 443 were "not" stealth.

SonicWall routing question (from LAN to VLAN and vice-versa)

Hey guys,

Quick question (hopefully). I've got a SonicWall where I'd like to break off WiFi traffic into a different VLAN. That part works and clients get DHCP addresses from the SonicWall, but it seems that while the SonicWall can talk to clients on this new subnet, they cannot talk back so to speak. I assigned this new VLAN to the LAN zone, but have not made any other changes as of yet.

Thanks!

P.S. Switches have the new VLAN tagged and such.

Sonicwall SSL VPN and Win 10 SSTP VPN client

I am testing Sonicwall SSL VPN on a current model Sonicwall appliance. I am able to connect fine using the Sonicwall Net Extender client on Windows 10, as well as the "Sonicwall Mobile Connect App" from the Windows 10 App store.

VPN is using port 443. A commercial certificate is used to avoid issues with trusts, chains, CRLs etc.

However, installing an additional client is not an option on some computers (beyond my control).

If a client machine does not have either of the above VPN clients installed, the native Windows VPN client still offers an "SSTP" (i.e. SSL VPN) option. With a self-signed certificate, the Windows native client would complain about certificate issues, so I know it was at least starting a connection attempt. With the certificate fixed, the client prompts me for a password but then immediately responds with

“The specified...

SonicWall Global VPN Client 4.10.2.0428 disconnecting for some reason

This is only happening on one PC.  All the others (using the same client version) can stay connected without issue.  The user says it happens when they are away and while they are using the PC, so it doesn't seem to be a time out / sleep issue.

On the local machine client log I see this:

Information Releasing IP address for the virtual interface (00-60-73-11-7D-B5)

Nothing before that to explain why it's doing this.  I'm not sure where to start looking to figure out why this is happening.  Any ideas?

Sonicwall GAV/IPS blocking screen-share applications? (Enable for some users?)

So our SonicWall GAV / IPS blocks some remote-desktop / screen sharing applications.

What is odd is that it only blocks some of them. For example, I've found:

  • LogMeIn - Blocked
  • GoToMeeting - Blocked
  • TeamViewer - Not Blocked
  • WebEx - Not Blocked

I don't think I've changed much from the IPS / GAV settings, and I have a few questions:

  • We use TeamViewer on the LAN side of the SonicWall for remote support, and we also access LAN side clients from the WAN for remote support. Is there a way to "secure" this more on the firewall side? (On the TeamViewer side, random passwords are disabled, and accounts are white-listed to only allow support account logins.)
  • Could I create app-rules, or just use IPS to block all other remote services?
  • Our vendors all use a different remote support application, is it possible to white-list certain user accounts that work with...

Cannot login to TZ400 after admin name and password change

Hello everyone.

Today I updated the admin name of my TZ400 to "abc.admin" (abc is an example) and its password. After doing so I can no longer log in via https due to a continuous request to re-login: "this browser window does not appear to be the one used most recently to log in to the Sonicwall from here. You will need to switch to that browser window and re-log in".

What I did so far:

  • tried multiple subsequent logins to no avail
  • cleared browser cache (IE 11 / Edge / Chrome)
  • used incognito browsing
  • verified username and pass are correct: when I type correct credentials I get the re-login request, if I type wrong credentials I get a bad password message
  • tried login with a read-only admin to check the new admin name in Appliance/Base settings: the new name is there

Using self-signed certificate

Firmware version: SonicOS Enhanced 6.5.4.4-44n

I...


SSL certificate for Sonicwall Web Management

I am trying to find out how to set up the SSL certificate for a Sonicwall for the web management.

Which type of SSL certificate do I need, and how do I set up the Sonicwall SSL certificate so it works both internally when accessing it and externally?

I saw it requires a FQDN. Do I just set it up with the external FQDN like LOCATION.DOMAIN.COM? Will that affect the internal use, since there is no FQDN internally (as there is no real domain controller)?

SonicWall NSa 4650 - Two different subnets on same WAN interface

I have a SonicWall NSa 4650.

On our WAN interface (X1) we have IP 195.x.x.x/30 configured.
Our ISP gave us a secondary IP 212.x.x.x/30 on the same connection (going to our X1 interface).

I want to have the GUESTS on VLAN 100 have the public IP of 212.x.x.x so I've created a NAT rule.

Source Org......: X0:100 Subnet(Guests)
Source Trans...: 212.x.x.2 (Address object defining the secondary subnet IP)
Inbound int......: X0:100
Outbound int...: X1

This NAT rule works fine on our secondary site where the two IPs we have are within the same range.
It's not working on our first site with the scenario described above.

I have searched the internet and found many things I've tried which I'll list below but none of them have worked. Maybe I have missed something or done something wrong, or it's just not possible?

I've tried adding a static route...

SonicPoint Configurations for Guest Network

I have 32 access points configured with two virtual access point SSIDs, and I'd like to change one of those to be an open guest network. Is it possible to configure it so that the guest does not have access to network resources? Currently I have the firewall set up to allow access because users need to print from their wireless devices. Please let me know if this is possible and, if so, can you point me in the right direction.

Sonicwall high cpu usage

We have a TZ 105 wireless-N whose CPU is showing 100% usage. In the core 0 monitor, it shows tCLI as being the root cause, with a usage of 97.5% consistently. Has anyone else run into this issue?

LDAPS connection from spam filter not working. configured correctly

Hi all,

Hoping someone can help guide me to the promised land.

So I am sure you all know about the fun update coming that will enforce channel binding and LDAP signing.

In preparation for that, I am trying to set up my directory connector in Mimecast to use LDAPS. But I am having some issues that have totally stumped me.

Everything on my end seems to be set up correctly. At least I think.

Mimecast has a directory connector with the exact same info as our LDAP connector (which works fine), except obviously I change the port to 636 and select "encrypt connection", but when I test the connection, it fails and gives me a message like:

" Public IP address" " peer not authenticated"

Here is the overview:

We have an access rule that allows traffic from Mimecast IPs coming into WAN, and allows LDAP LDAPS traffic. Then a NAT rule that forwards that traffic to...

false positives in Sonicwall?

I am getting the following alerts via our Sonicwall. I'm not seeing this specific message anywhere online; IP lookup says Cogent Communications.

Need to worry?


SonicWall TZ 300 WAN throughput

So I just signed up for fiber in my new building with Comcast Business. It's a 500 Mbps connection. I have it hooked up to the X1 port on my SonicWall TZ 300 and I've been doing speed tests on the LAN to see what I'm actually getting.

I only seem to be getting 120 Mbps up/down. I've run the test from different computers on the LAN.

The way my setup goes is as follows.

Cat 6 cable running from Ciena delivery switch at the demarc up to my SonicWall.

Patch cable from SonicWall to gigabit switch.

All servers are on gigabit switch.

I've done a support call with SonicWall and they said that everything looks fine on my end. The TZ 300 is capable of getting up to 300 Mbps with security turned off. With security turned on I should be getting 250 Mbps which I'm not.

Any thoughts on what else I should look into?

Lastly, if I wanted to upgrade my SonicWall...


TZ 105 VPN on other than default WAN address?

Is it possible to get the VPN on a TZ 105 to work on other than the default WAN IP? My customer just went from 1 public IP to a block of 5 and I would like to use one of the other addresses for the VPN, but I can't see where to do that in the interface. Thanks.

Whatsapp is not working on WiFi With SonicWall

WhatsApp doesn't connect when using WiFi.

WhatsApp Messenger is allowed in Mobile-apps.

Everything Facebook is allowed in Social Media.

I got the following in the log.

15:37:03 Feb 07 | 1154 | Firewall | Alert | Application Control Detection Alert: MOBILE-APPS WhatsApp Messenger -- DNS Query, SID: 7841, AppID: 1655 CatID: 78

15:37:03 Feb 07 | 1154 | Firewall | Alert | Application Control Detection Alert: MOBILE-APPS WhatsApp Messenger -- DNS Query, SID: 7841, AppID: 1655 CatID: 78

15:37:00 Feb 07 | 1154 | Firewall | Alert | Application Control Detection Alert: MOBILE-APPS WhatsApp Messenger -- HTTP Activity 3, SID: 13083, AppID: 1655 CatID: 78


Capture ATP: Can I exclude a wildcard URL?

My company uses Capture ATP to scan incoming files. Some web apps we work with store their files in S3, so the URL looks like 'https://s3.amazonaws.com/some-legit-company/downloads/...'. We want to exclude files from this company from Capture ATP, but obviously do not want to exclude all of 'https://s3.amazonaws.com'. Is this possible?

This isn't really just a case of "we would like to". In this case, the apps literally do not work because of Capture ATP. By the time Capture ATP has returned a verdict, the S3 access token has timed out and the user is shown an S3 Access Denied message. When they attempt the download again, the file they are trying to download is regenerated with a different hash and needs to be scanned again. This cycle repeats indefinitely. If we cannot exclude the app's S3 URL, we will be left with very few choices:...

Lots of "TCP XMAS Tree Dropped" messages, should I be concerned?

Hi everyone. I'm entry level IT and still learning the ropes, so excuse what might be an easy question.

I like reading the SonicWall log emails we get that detail the goings and comings in our network and have been noticing quite a few "TCP Xmas tree dropped" logs.

There will be about 7-9 in a single log email, all in a row.

The first time I noticed it, yesterday, the IP address was coming from Virginia, US. Later in the day, we had some but this time coming from a Netherlands IP address. Later, we had a lot but this time coming from a Swedish IP. And then today, we have the same coming from a Philippine IP address.

I've read a little about "Christmas tree packets" and how they're used but not exactly sure what's going on here and if we should be taking extra measures or just monitoring or something else.

Thanks!

SonicWall TZ 600 looking to upgrade have spec question

I was just chatting with a rep, and for the throughput I need to get the most out of my fiber connection the TZ600 was recommended. I currently have a TZ300. What I'm trying to understand are the specs for the device.

Performance:

Firewall throughput: 1.5 Gbps
Full Deep Packet Inspection (DPI) throughput: 500 Mbps
Application throughput: 1.1 Gbps
IPS throughput: 1.1 Gbps
Anti-malware throughput: 500 Mbps
Firewall throughput (IMIX): 900 Mbps
SSL inspection throughput: 200 Mbps
VPN throughput (IPSec): 1.1 Gbps
Connection rate: 12000 connections per second

When it comes to the firewall throughput of 1.5 Gbps, do the following items take away from that throughput when running? So what would be the max throughput with all the services running then?

Thanks
