Looking for Tips and Traps on implementing global bandwidth management

September 19, 2016, 12:33 pm

≫ Next: NetExtender problems in Ubuntu 16.04

Good afternoon, all!

I'm looking to implement global bandwidth management on my NSA 3600 firewalls. We're running 6.1.1.8-25 firmware (can't go to Early Release per company policy) in two datacenters.

I want to throttle bandwidth on two connections. First, I'm moving the office network to its own subnet, running off one of the firewall ports, probably X4. I want devices in that zone to only use up to 50% of the total WAN bandwidth, currently 10Mbps from the carrier. All other zones and networks should have full bandwidth available, with no limits.

The second connection is a Platform as a Service stack, running off another subnet and firewall interface (X5, if memory serves). On this zone I want to set a limit on the use of an MPLS circuit between my datacenters. This is a separate network in the LAN zone. I need to throttle this so I can start running virtual machine backups across the MPLS.

Is there a document or group where I can get a feeling for how to best configure and run this? I'm not keen on calling SonicWALL support for this, but if needs must.......

Further details on request. Thanks very much to all for looking!

Gregg

↧

NetExtender problems in Ubuntu 16.04

September 20, 2016, 9:36 am

≫ Next: Windows Update specific port

≪ Previous: Looking for Tips and Traps on implementing global bandwidth management

Hi,

I have a strange issue using Sonicwall NetExtender in Ubuntu to connect to my university's VPN. First of all, when I connect through Windows I have no problems so I suspect (hope) that I can fix this on my end.

NetExtender (which uses PPP to connect to the VPN) always connects successfully. However, I cannot access anything on the remote network unless I receive certain client IP addresses:

10.10.12.26
10.10.12.30
10.10.12.33
10.10.12.34

(and possibly others - these are the only ones exposed by my testing so far)

Any other ip address that I am assigned from 10.10.12.20 and up will not work. I am completely in the dark here. If anyone has any insight into this issue I would greatly appreciate it!

Cheers,
tom

↧

Windows Update specific port

September 20, 2016, 12:14 pm

≫ Next: SonicOS Enhanced 6.2.6.0-20n Password requirements

≪ Previous: NetExtender problems in Ubuntu 16.04

I currently have three WAN connections. 2 are in the DLBG set to "ratio" and an old slow cable modem is there for final backup. I would like to send all Windows Update traffic out that old modem (X3) since it has zero use most of the time. Is that possible? Anyone have instructions on how to do it?

Model:NSA4600

Firmware SonicOS Enhanced 6.1.1.9-30n

↧

SonicOS Enhanced 6.2.6.0-20n Password requirements

September 20, 2016, 7:22 am

≫ Next: Sonicwall CLI Basics

≪ Previous: Windows Update specific port

We recently upgraded to SonicOS Enhanced 6.2.6.0-20n on our NSA 2600.

I'd like some help understanding the new password requirements. I know it's configurable, but we are having some difficulties understanding them.

What we'd like is to have user logins be 8 char min, at least 1 upper, 1 lower, and 1 numerical, but to also allow special if the user wants.

Is there a way to configure it like this? Our current settings are:

Require both alphabetic and numeric characters
Complexity Requirement
- Upper Case Characters = 1
- Lower Case Characters = 1
- Number Characters = 1
- Symbolic Characters = 0 (grayed out)

If a user had a special character in their password prior to the upgrade their account requires them to change it and to not use a special character. I know we can set the first requirement to "Require alphabetic, numeric, & symbolic", but we don't want to require symbolic, only allow symbolic if they choose to.

Thanks for any advice!

Darhl

↧

Sonicwall CLI Basics

September 21, 2016, 2:18 pm

≫ Next: VPN 1/3 of Provider Speed

≪ Previous: SonicOS Enhanced 6.2.6.0-20n Password requirements

I'm trying to check the status of my WAN failover setup on a TZ-100 from the CLI connection and having a devil of a time finding useful manuals or resources on how to use this interface.

The first Dell article I found suggesting that entering "show failover-lb" should give me the info that I want. That fails with a syntax error. Entering "show" and pressing tab doesn't suggest anyting failover or load-balancer related.

It's possible that "show all" would include what I'm looking for, but without a less/more style pager this command is essentially useless. I tried googling how to get a pager setup for sonicwall CLI and again found suggestions that don't work - e.g., "cli pager" is a syntax error.

Unfortunately I also don't know what version of Sonicwall CLI this thing is running. None of the help commands say anything about version. Again "show all" would probably tell me if I could somehow see the beginning of that command's output.

↧

VPN 1/3 of Provider Speed

September 21, 2016, 6:57 pm

≫ Next: SSL-VPN server is not reachable

≪ Previous: Sonicwall CLI Basics

I've been having some slow file transfers through a site to site VPN. I've been through some documentation I found regarding adjusting the MTU at both ends of the tunnel and that didn't seem to make any difference.

https://support.software.dell.com/kb/sw4036

Both sites use Comcast as the provider. The main site is 100/20 and the remote site is 50/10. So i opened a case with support. I'm being told that the VPN will only use 1/3 of the providers speed and they are recommending I upgrade the remote site. I've been using Sonicwall's for quite a while now and set up several site to site VPNs without any problems. This is the first time I have heard that. Is this true? Can anyone provide me with some documentation that supports what Dell support is telling me?

Thanks

↧

SSL-VPN server is not reachable

September 23, 2016, 12:24 am

≫ Next: No folder sharing over Global VPN Client & Windows 10 Anniversary Edition

≪ Previous: VPN 1/3 of Provider Speed

All of a sudden our internal and external computers are getting the following error message when trying to logon with NetExtender:

ERROR:
The SSL-VPN server is not reachable. The server may be down or your internet settings may be down.

All servers and the entire network including our SonicWALL SSL-VPN 200 box have been restarted. I tried to reinstall NetExtender on my machine, but that didn’t help. I then upgraded from NetExtender version 3.5.111 to NetExtender version 8.0.238 - on my machine. Same result.

I found one of our old laptops which have not been updated for a while, and here I could log on with NetExtender version 3.5.111.

I can’t access the SonicWALL SSL-VPN 200 box portal on this laptop, and having the same problem on my machine. When trying to access the administering portal I get this error:

ERROR:
This page can’t be displayed

All machines are running Windows 7 Professional. No specific changes have been done since this was working with both VPN and portal access, except some Windows Updates.

I have tried to ping with the internal and external IP-addresses and that is actually working fine. Also tried to ping from outside, and that is working fine.

Please help, I don’t know what to do next.

↧

No folder sharing over Global VPN Client & Windows 10 Anniversary Edition

September 23, 2016, 12:32 pm

≫ Next: SSL VPN authentication issues

≪ Previous: SSL-VPN server is not reachable

I can no longer get our shared folders to work when my roaming users are connecting from outsider our network, It just started this week after Microsoft pushed out the Windows 10 Anniversary update. I have been trying to get it to work with version 3.9.22.0822 but nothing allows the files to be hared over the GVC VPN connections

What do I do to get this working again (without rolling back Windows 10?).

↧

SSL VPN authentication issues

September 26, 2016, 10:32 am

≫ Next: TZ-200 Forward Between X4 / X0

≪ Previous: No folder sharing over Global VPN Client & Windows 10 Anniversary Edition

I have SSL VPN configured with RADIUS authentication on SonicWall NSA4500.

The issue is, in the "same" Active Directory OU, some users failed LDAP authentication so they cannot log in to web interface however some user are fine. The problematic users can pass RADIUS authentication without problem.

Any suggestion?

Thanks
Calvin

↧

TZ-200 Forward Between X4 / X0

September 26, 2016, 10:46 am

≫ Next: Default LAN to LAN access now restricted to Administrator only

≪ Previous: SSL VPN authentication issues

Hello all. I am a bit new to the TZ200 which was installed at my office but I am looking to forward a request from one port to another.

Basically, I am using the internal LAN at X0 which is all VLAN1 at 192.168.1.x then with X4 being used at VLAN100 to give out .100.x DHCP and X4 at VLAN200 to give out 200.x DHCP requests.

I have a device behind the x0:1 that I would like to access from the X4:200 network. How would I go about making that request in the firewall settings? It is a specific IP/Port that will need to be accessed.

Any help would be appreciated.

↧

Default LAN to LAN access now restricted to Administrator only

September 27, 2016, 10:33 am

≫ Next: Problem with Long URL

≪ Previous: TZ-200 Forward Between X4 / X0

I have an NSA 250

A WLAN interface is bridged to X0 LAN interface. WLAN users were unable to access a VPN link set to X0 subnet so I added the necessary rules in WLAN to VPN to allow traversal which worked since the WLAN interface is bridged to and uses the same subnet.

Either as a result of, or coincidentally and only noticing it recently, the default LAN to LAN allow rule is now set to Administrator instead of all users. This only ends up manifesting in VLAN routing scenarios where by shop computers can no longer access servers...a really big deal. Logging indicates this rule as the reason for the packet dropping.

I removed the newly added rules but to no avail. The default LAN to LAN rule cannot be edited nor deleted nor a new one added to supersede it.

Comment on the rule is "auto-added Interface Trust rule."

Any advise would be appreciated.

↧

Problem with Long URL

September 27, 2016, 10:07 pm

≫ Next: WINDOWS 10 UPDATE MANAGEMENT BANDWIDTH

≪ Previous: Default LAN to LAN access now restricted to Administrator only

Model - TZ400
Firmware - SonicOS Enhanced 6.2.3.1-19n

Hi,

I am facing problem with long URL's, Only URL with character length 1396 is getting valid response, URL's length more than 1396 is getting timed out.

I doubt that there is something prevent URL's in sonicwall settings, Could anyone Please help me to resolve this problem.

↧

WINDOWS 10 UPDATE MANAGEMENT BANDWIDTH

September 28, 2016, 7:36 am

≫ Next: Guest wireless

≪ Previous: Problem with Long URL

Hello everybody

since Windows 10, updates use 100% of internet bandwidth

An apprule for manage bandwidth for Windows upadte don't solve the solve the problem

somebody can help me ???

we ave a NSA 3600 with firmware v6.2.5X

thank for your answer

↧

Guest wireless

September 28, 2016, 9:55 am

≫ Next: bandwidth management

≪ Previous: WINDOWS 10 UPDATE MANAGEMENT BANDWIDTH

Hello,

I would like to create a guest wireless network on a SonicWALL TZ 215, but we already have two wifi networks. Is this still possible?

↧

bandwidth management

September 28, 2016, 12:40 pm

≫ Next: IDM network traffic

≪ Previous: Guest wireless

Is there a way to assign a higher bandwidth to a certain website (URL)? I see how to do it via IP, but not by name.

↧

IDM network traffic

September 28, 2016, 1:58 pm

≫ Next: SonicPoint ACes keep disconnecting, reconnecting, how to fix??

≪ Previous: bandwidth management

I've been seeing a lot of IDM traffic on our network since we deployed Windows 10. It usually take up 95% of our 10 Mbps fiber line. The destination IP is Microsoft, and it looks like it's coming from Microsoft Update. Based upon this post: https://support.software.dell.com/kb/sw8914, I set up a download filter to block multiple IDM sessions during work hours, which seems to have successfully limited the IDM traffic, but I was just trying to update a new PC, and the update download kept stalling at around 45% until I removed the access control. My understanding of that app control filter was that IDM could still do downloads, but only one session at a time. Our computers are all set up to update in the middle of the night, but seems like it was happening regularly during work hours.

Just thought I'd share in case anyone else is seeing heavy network loading from IDM. Has MS always used IDM, or is this something new with Windows 10?

↧