Hi,
I have enabled and set guest service for guest zone ...
After connection to guest network i see form for login. When i put guests username, pasword and click login i see only picture below. In Active Guest Sessions I don´t see any active session, and access to internet is not allowed. Do you have some advice how to solve this issue ?
hi all,
i have two sites HQ and branch, connected through L3vpn (two routers) i need to deploy the NSA 2600
in HQ what is the best practice for this deployment to have security.
i am thinking in wire mode (secure Mode) but when choosing the zones for the paired interfaces what i should choose LAN & LAN but with this everything will be accepted from outside ( not secured)
if i choose WAN & LAN on paired interfaces what should i do if i have port forwarding or anything on router???
the question is if i choose WAN and LAN for paired interfaces...how to allow port forwarding or any routing on the VPN router ???????????????????
hi, we've a TZ200W unit at the office, and i wanted to have a backup unit. so i purchased a TZ 200 on auction, and loaded the latest firmware (in default/reset config).
then i logged in with the new / latest firmware loaded for the 200 and imported the 200w settings from our working tz200w, it warned me that some of the settings arent the same forthis unit ( i assume its the wireless portion, as the backup unit isnt a W unit),\
so i went to login to the unit and its got the new local ip address forthe unit imported, but will not let me login using our admin and password. i tried the default admin/admin, Admin, password, Password, etc...
so the unit appeared to import the settings, then let me goto it via the new imported local ip address, i just cant login?
any ideas, thanks
Hello Everybody ,
We are using LDAP . We imported the users to the sonicwall , version SonicOS 6.2 but exclude users is not working for CFS or Application control for Peer2Peer as example .
Did anyone tried it and it worked ?
Hello, As I setup my new appliance I have come across a few things that appear worthy of question.
1. As I add in my WAN IP addresses, I use multiple public IP's (Address objects) the system seems to automatically apply a netmask of 255.255.255.255, which is incorrect. The system also did this to my WAN X1 IP and Default Gateway under (Address objects) even though I setup X1 WAN to have a netmask of 255.255.255.240
2. Should I be using (Address objects) for all of my LAN destination IP addresses. this seems not intuitive and should be another way ? When creating an access rule for WAN to LAN the destination does not allow me to simply add an IP address, I have to create a destination and then name it.
3. Is the correct way for adding multiple WAN IP's to create an (Address object) for each IP and then use NAT policy for each ?
I am setting up a new laptop. It came with Windows 7 and a trial version of some McAfee product. As I normally do, I uninstalled the trial software and then opened a web browser to get the enforced AV client installation going. It appeared to go normally, but there is something wrong. It's still blocked from the Internet, and McAfee doesn't show up in the Add/Remove applet in the Control Panel. The McAfee Security Center shows it as not being up to date.
I tried uninstalling (using the MVSUninst tool) and then reinstalling, and the same thing happened. I tried using the McAfee Virtual Technician, and it found 78 problems. The Autofix said it fixed 17 registry problems, but it failed on the rest: 41 registry problems, 12 missing files, missing folders (doesn't give a number), 4 missing/corrupt COM components, 2 services expected, and the final message says "On-AccessScan is disabled."
Hi!
I need to be able to ping the wan interface of sonciwall NSA E5600 from a single IP on the internet. Can somebody help?
Thanks.
Is there an RSS feed for SonicAlert ?
Hello,
I have setup Netextender. From a remote laptop it connects fine. I can then ping some of our network servers but not others. I cannot seem to see why. The ones I can ping I can RDP to.
I tested against a server I could ping and one I could not. Turned Windows firewall off on both no difference. Checked remote access on both, the same is set. Not sure if its a sonicwall issue of individual server issue.
The servers are on the same IP range. I have about half the servers I can access and half I cannot. Same OS on some I can and cannot access.
From the remote machine I can access the internet. One of the servers I cannot access is running DNS so I am trying to access via IP addresses only at the moment. Have tried two laptops over two different internet connections.
Any suggestions would be most welcome.
Thanks
I have an NSA 3500 and am having issues trying to sync the time from an external NTP server to devices on the LAN. None of my servers on X0 LAN can get a response from the NTP servers. In the connection monitor, I see my servers sending an NTP connection out, but nothing is coming back.
Can someone point me to an article as to how to configure this? Funny thing is that I have a few TZ 200s that have not problem with NTP time servers to their servers.
Thanks in advance for you help.
We have several SonicPoint-N (APL23-081) units on site that are most likely failing and would like to replace the fans before they do. RMA isn't an option as the warranty is expired. I know that the orignal fan is a Sunon GM1202PFV3-8, which is 25x25x10mm, has a 3-wire connector, and is rated at 12VDC 0.5w, but I am having trouble finding a replacement. Could anyone suggest one?
I have a Dell Sonicwall NSA 4600 with fw version SonicOS Enhanced 6.1.1.12-41n. I need one of my SFP interfaces to be 100Mb for an external connection. The SFP modules I am currently using are hard set to 1Gb in the Interface Config, no options for any other speeds. (All of my onboard 1GE interfaces are already used.) Are there SFP modules available that will allow auto-negotiation? Thanks!
Hello,
Just started using Sonicwall and in process of testing the analyzer. Tried installing on a server that is being used for network monitoring already with Solar Wind, I got an error during installing that the HTTP port is already being used which must be the analyzer for solarwinds. My question is there a way for both apps to share the port? If not any recommendations about which existing server can I install the analyzer on or which ones do you guys use (DC, Exchange, etc)? We have a server running Symantec BackupExec and Symantec EP Manager, perhaps I can install on that one? cant setup a new server just for this.
Thanks in advance.
I have thousands of mails infected with Locky.Downloader virus passing through the TZ400 firewall.
Anyone seeing the same problem, and how you stop this virus?
Hello everyone and thank you in advance for any help forthcoming. This is my fist post so I will try to be as concise as possible.
We ran out of public IP addresses in the range assigned to the WAN. Our ISP gave us another /29 Subnet. I ran through the steps out lined here to no avail.
I used a new interface and a new zone on the LAN side to keep the new traffic separate.
Troubleshooting packet handling revealed that the new Zone on the LAN side is not able to reach the WAN. All packets between the two are dropped. Currently I am streaming a series of ping requests for an internet site (8.8.8.8) to generate traffic from the new Zone for analysis.
Ethernet Header
Ether Type: ARP(0x806), Src=[--], Dst=[ff:ff:ff:ff:ff:ff]
ARP Packet:
ARP TYPE: ARP Request
Sender MAC Address: --
Sender IP Address: x.x.20.3
Target MAC Address: --
Target IP Address: x.x.37.26
Value:[0]
DROPPED, Drop Code: 20, Module Id: 47
Ethernet Header
Ether Type: IP(0x800), Src=[--], Dst=[ff:ff:ff:ff:ff:ff]
IP Packet Header
IP Type: UDP(0x11), Src=[x.x.20.3], Dst=[x.x.20.255]
UDP Packet Header
Src=[137], Dst=[137], Checksum=0x6955, Message Length=58 bytes
Application Header
NETBIOS Ns:
Value:[1]
DROPPED, Drop Code: 49, Module Id: 26
Needless to say all pings fail, the only address that responds is the address assigned to the new Zones interface. x.x.20.1.
Other than the new Zone we have LAN(static), WAN(static), and DMZ(transparent mode) active.
Let me know if you need more information, I'm not entirely sure where to start and didn't want to overload this post.
Thanks again and looking forward to your response!
HI!
Isn't it possible in NSA E5600 to do interface based dhcp search to find devices in a specific dhcp pool? The search facility is also not there.
Thanks.
I have a VPN between a Sonicwall NSA 2600 and a TZ 300.
the VPN is working and I can ping and reach inner resources. however the NSA 2600 is the HQ. In the TZ 300 site we have one of those fingerprint employee time clock in the Branch when I want to download the file a really small log. it takes 15 minutes from the LAN in the HQ to the LAN in the VPN.
I disables IPS and CFS just in case but still takes the same time.
I checked the packet monitor and from everything is working fine traffic is passing from LAN to VPN and from VPN to LAN no packets drop. I used Wireshark also and same result I am reaching the device withouth issues.
The weird thing that I have another location with a TZ 300 same configuration for VPN and there I can download the LOG file in seconds. So I dont know what else to do. I called Sonicwall support but they didnt find any issue either in the Sonicwall since traffic can pass from LAN to VPN.
Any idea maybe you had a similar issue before.
A client accesses a webpage but the owner of the webpage warns them that we use the site too much.
Now I want to setup some monitoring especially for that particular website how much traffic (requests) we sent to them. So when the site-owner says we use it too much, we have some ammunition to show that we either indeed use it more often (and that we know which internal IP caused that) or not.
I have made a special firewall rule and enabled netflow. Unfortunately this doesn't give me the results I need.
Does anyone out here have an idea how this can be achieved?
The client is using a NSA3600 with the latest SonicOS.
Thanks for the answers.
As we follow Dell SonicWALL Security Center's suggesting for blocking old browsers behing Sonicwall NSA from here , we found that our outlook client (2010, 2013 and 2016 ) render HTML email with user-agent IE7, which is blocked on Sonicwall NSA App Control "Microsoft Internet Explorer -- HTTP User-Agent MSIE 7.0". Is it possible to identify it's from Outlook Email Client, or probably IE11 run in compatibility mode ?
Thanks!
I can access something like : http://192.168.1.216:9090/NewSoftHr/login.ns from local network . The server is running Apache Tomcat/7.0.14
but I cannot access it from the internet http://XXX.YYY.33.206:9090/NewSoftHr/login.ns
What I did is the following:
1. I created a service object HT9090 : TCP and port 9090
2. I Created a group service object named HR Portal Services which include both HTTP and HT9090 service objects.
3. I created 2 address objects for the server Private 192.168.1.216 and Public XXX.YYY.33.206
4. I created 3 NAT Polcies Inbound, OutBound and Loopback ( created by wizard)
Source Original | Source Translated | Destination Original | Destination Translated | Service Original | Service Translated | Interface Inbound | Interface Outbound |
Firewalled Subnets | HR Portal Public | HR Portal Public | HR Portal Private | HR Portal Services | Original | Any | Any |
HR Portal Private | HR Portal Public | Any | Original | HR Portal Services | Original | Any | X1 |
Any | Original | HR Portal Public | HR Portal Private | HR Portal Services | Original | Any | Any |
5. I Created an Access rule from WAN To LAN , Source port : Any , Service : HR Portal Services , Source : Any , Destination : Public Server.
with Allow Action.
Would you help me if I am missing something