Channel: Network Security - Recent Threads
Viewing all 531 articles

Sonicwall NSA 220 Ports not showing as open

Hi,

I have been working with a Sonicwall NSA 220 and have been able to open ports. But for some reason, once I go through the process of opening ports, some are still showing as closed when I do port scans. I do not know why this is happening or what the issue may be. It does not make sense that some ports I am able to open and others I am not. I have tried and retried with no luck. Please help. I am running firmware 5.9.1.1.


Sonicwall Content Filtering - Exclude devices by IP Range not working

Hi Guys


I have a Sonicwall NSA220 running firmware 5.9.0.7-17o.

I've tried to configure an IP address range to bypass the CFS but it doesn't seem to be working. The devices are still blocked. I'm wondering what I've configured incorrectly.

Here is how I've set it up:

1. CFS is enabled.

2. Default Content Filtering rule is configured in - Firewall>App Rules> "Default Content Filtering Rule".

3. Block list/Allow list is configured in Firewall>Match Options>1. Block List, 2. Allow List.

For the CFS Exclude IP Range I have configured:

1. Network>Address Objects> I created a "CFS Exclude Range" address object and added a range of IPs I want to exclude.

2. CFS> Enable CFS Exclusion List - selected the "CFS Exclude Range Object".

3. Firewall>App Rules> "Default Content Filtering Rule" - Edit>Exclusion Addresses> set to "CFS Exclude Range Object".

What do you guys think, have I configured this correctly? What should I check?

Kind Regards

Aaron

Teamviewer "reunion"

Hello.

I have a TZ215 Sonicwall appliance.

I have activated "App Control Advanced" and deactivated "TeamViewer" in the "remote-access" category, but I still have a problem.

TeamViewer was not blocked.

If I disable App Control Advanced, it works.

Sonicwall NSA4600 Allowing Social Networking with Multiple Browser Refreshes

We have a school with a NS4600 installed in May. It has SSO enabled and separate Content Filtering Policies for each peer group.

We also have DPI-SSL set up.

It appears that students can get around the content filtering to Facebook and other social media and other types of sites by constantly refreshing their browser when the blocked page appears.

They also have an issue where if they put the blocked URL into Google Translate then they can circumnavigate the filtering and reach the site.

It seems that the number of DPI-SSL sessions is being reached and then the firewall opens all new sessions with no filtering at all instead of dropping packets once the session limit is reached.

Has anyone else had this issue?

two sonicpoints connected to NSA 3500, can each SP have different SSID??

We are having a lot of problems with two ceiling-mounted SonicPoints.

Connections are lost after 15-20 minutes then are difficult to regain/maintain.

The SPs are about 80 feet apart, could it be they are too close together??

I think there are ways to have each one be on different channels so they don't conflict??

Is it possible to have each SP have its own separate SSID, if so, how??

Thank you, Tom

DNS issue when workstation has static IP

Hi,

I set up a SonicWall the other day, and I'm having an issue on 2 workstations. These two workstations have static IPs. The other workstations use DHCP. Those using DHCP can access the Internet with no issue. 

The computers with the static IP can access the Internet as well, but only if they're set to use the DNS servers from the ISP. If I set them to use the SonicWall as the primary DNS, they can't get out to the Internet. So, if the SonicWall is 10.0.0.1, the following won't allow Internet access:

IP/subnet: 10.0.0.100 /24

Gateway: 10.0.0.1

DNS1: 10.0.0.1

DNS2: some other value

but changing DNS1 to 24.92.226.11 (Time Warner DNS) will allow Internet access.

Any thoughts? 

NSA 250M

I opened a support call because I could not get the firewall to block/allow WAN access based on MAC address. I set up the MAC address as an address object and then tried to apply that in Access Rules.

After looking at it for a while the tech told me that is the case.  You can block/allow by IP but not MAC.  That still does not seem right to me.  Has anyone had any luck with this?

Thanks,

bshort1023

No LDAP Option

Hi!

LDAP Option is missing under User Authentication Method. Only Local Users is selected.

NSA 5600

Sonicwall Enhanced 6.2.2.0.12n

Any Suggestions?

Thanks.


Upgraded from NSA-240 to TZ 600 getting a message in console

I recently upgraded my NSA-240 running SonicOS Enhanced 5.9.0.7-17o to a TZ 600 running SonicOS Enhanced 6.2.4.2-20n. I exported the settings from the NSA-240 and imported them into the TZ 600, and other than having to tweak the settings for X8 and X9, which do not exist on the NSA-240, the configuration imported perfectly.

Since the system is new I have left the serial console connected to a computer so I can see if there are any messages.  I am periodically getting the following message to the console and I can't find an explanation for what it means:

MOD_ATOM was overlapping (in_group) - same AO

AD Integration not filtering Users or Groups

Hi!

We have enabled LDAP Integration on the Sonicwall and imported the groups and users from AD, but when we enable a LAN to WAN rule and add a group or user as allowed users, all users are able to use the internet.

Any Suggestions?

Thanks.

Global VPN client for Windows 10

Currently using 4.9.0.1202; however, sometimes it works and other times I get the RDP error "An internal error has occurred".

The Sonicwall VPN client software always connects and I can ping resources on the destination LAN; however, RDP fails with that error. On the Global VPN download site it says the VPN client is only supported up to Windows 8.

TZ210 Multiple public IPs

A client has a TZ210 Sonicwall that we have been using for RDP and RDS connections. Currently they have a public IP of xxx.xxx.xxx.89. They recently purchased new software that pulls tractor trailer load data from an App server to a website. They require the server to have a different public IP and port 443 open to it so that it can pull the load data for display on the website.

I assigned a public address object of xxx.xxx.xxx.91 from their block of static IPs from the telco. I then created a private address object for the App server. Then I used the wizard to create the NAT policies and the firewall access rule. All seemed to work well with the website getting its data.

Then their remote office, which uses the xxx.xxx.xx.89 public IP for RDS connections back to the server at the main office, apparently started getting disconnected from the RDS about every 60-75 seconds. After some playing around with the settings I found that disabling the reflective NAT policy would then allow the RDS users to keep a stable connection. The App server won't talk with the website when the reflective policy was off. The App server would say its public IP address was the xxx.xxx.xxx.89 IP address, whereas with the reflective on it said it was xxx.xxx.xxx.91 like it should be.

I cannot determine what about the reflective policy is causing the issue with the RDS connections. The RDS server is Windows Server 2012 R2 and the App server is Windows Server 2008 R2. They are two separate physical machines. I tried using a different port for the website, 8443 instead of 443, thinking that the redirection of the 443 was messing with the RDS authentication in some way, but the results were the same for 8443 as for 443.

NSA-5600 DPI-SSL option

Server DPI-SSL setting with PFS: is this feature available in the NSA-5600 UTM? We are publishing a web site and it is a highly secure site; the site is failing with PFS on test. We are closing on time, please help. How do we do it?

Thanks,

PS: If this question has been answered earlier, please guide me to that article.

Workflow to assign Qos/BWM/Voip for a PortShield NSA220W ?

We've uplinked a PoE switch to the X6 of our NSA220W (firmware 5.9.1.0-22o), and since it's only handsets on this PortShield, how can we set up QoS/BWM for this, and what is the workflow?

I figured it would be easier this way, than to create a VoIP specific rule for everywhere in the LAN. Basically the goal is to guarantee a certain amount of bandwidth to the X6, regardless of what goes thru it.

Site to Site VPN, But I only want one way traffic

I have 2 SonicWALLs with a site to site connection. I want Company A to access any and all resources on Company B's site.

But I do not want Company B to access ANY of Company A's assets besides what I 'ok'.

How do I go about this?


Tunnel Interface(s) on NSA 3600 / SonicOS 6.2.2.2

Hello everyone!


My name is Christian, I am from Hagen / Germany and I work as systems engineer for a medium-sized company.

While setting up a route-based VPN between our NSA 3600 and a Cisco Router I found out that there's no way to create named tunnel interfaces for my new VPN connection. The dropdown menu shown in some Sonicwall documents discussing route-based VPNs is just not there (it should be below the Interfaces section in "Network" -> "Interfaces"). One document references SonicOS 6.2.4 to use, but I am already using the latest early release for my device. There's no 6.2.4.x for the NSA3600.

Is somebody having the same problem or fixed it already?  The support guy suggests to use another guide which references SonicOS 5.9 (there's no such download for NSA3600), and the guide doesn't show my device in the affected platforms section.

Any help is very appreciated.

Best regards

Christian

TZ 500 Dynamic DNS No-Ip.com (invalid account)

I am trying to set up Dynamic DNS with the No-Ip.com service on my TZ 500 (SonicOS Enhanced 6.2.3.1-19n), but when I set up the DDNS I get (invalid account) in the status message. Why? What's the problem?

Blocking MiTM (Man in the Middle) attack

I am failing a PCI scan. I have a TZ400 with IPS turned on, but the PCI scan is failing with:

OpenSSL 'ChangeCipherSpec' MiTM Vulnerability www (443/tcp)
CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

How can I block or stop that? I need 443 open to the SBS server for email access. I am assuming that the Sonicwall can/should stop the MiTM attack.

Thanks

Unable to Register a NSA2400 ???

Hey all,

I already have an NSA2400, which is still on the old old firmware, 5.5.1.0-5o.
I haven't ever upgraded the firmware, as I didn't feel the need, but with a new VOIP (Mitel) solution coming soon, it does make me think maybe the latest firmware will be needed to ensure smooth SIP data flow from router to Mitel controller through the firewall.

Soooooooooo, I bought a 2nd hand old NSA 2400 for me to play around with, and given the unit is on the same firmware, thought I would start with upgrading the firmware to the latest release to make sure the unit upgrades and doesn't BRICK, etc etc.....

However, the unit needs to be registered before I can do anything, and trying to register the device online tells me "it is already registered".

Is it a case of emailing the guys at Dell to say I want to register an NSA2400 I just purchased, and they check their systems to show that the previous owner has never used subscription services, etc.?
Or is it best to send it back to the 'Computer Clearance House' I just bought it from on eBay?

Does not block HTTPS

Good afternoon everyone


I'm trying to block the netflix.com site for users who log in via SSO and who are included in a group imported from Active Directory to Users / Local Groups on the SonicWALL. To this group I attached a CFS Policy I created, where I inserted the netflix.com domain in the Forbidden section of the Custom List, but the site is still accessed either way, using http and https. When I block via App Control, it blocks access via http; however, when https is added to the URL, the site is accessed normally.
Could you help me in this matter?
