I just called in tech support as I had hoped that after all this time they would have figured out what changes to the firmware made VPNs to fail.

But instead I get the dangerous advice to rely on an old firmware that is nearly 1.5 years old. When asking support what has changed, they tell me that the way they work is to do the upgrade first and then trying to fix everything that might have broken. Wow. Does anyone in 2016 still operate technology infrastructure like that?

Unbelievable.

We have been installing Unifi AP's running off a Dell Sonicwall port at multiple installations for over 6 years with no problems. We are now upgrading both the Sonicwalls for improved security purposes and the Unifi units to add increased range and 5ghz.

The Sonicwall's are Dell Sohos.

The Unifi units are AP-AC-LR and AP-AC-Pro (we've also tested with the older Unifi units which are 2.4 ghz only with the same results.) Running off the X4 port.

The old Unifi AP's work OK with the old Sonicwalls.
The new Unifi AP's work OK with the old Sonicwalls.
The old Unifi AP's work OK with the new Sonicwalls sometimes.
The new Unifi AP's DO NOT work with the new Sonicwalls.

Our wifi monitor shows an initial connection and available wifi, that lasts for maybe a minute or so, then the wifi goes off the air. Resetting the Unifi POE does result in the Unifi appearing on the air again for about for about a minute or so.

Both the Sonicwalls and the Unifi AP's are running the latest firmware.

Any suggestions at what to look at would be appreciated.

Thanks

Have been trying to set up blocking email attachments with a .docm filetype. Followed these old instructions at support.software.dell.com/kb/sw8351 Tested with a file with a .docm file type attached to the email and email still arrives with the .docm file attached and the inside is still intact.  

We are testing this using a TZ 105 with the latest firmware.

Any ideas would be appreciated, thanks.

My SRA1200 uses an admin account with a one time password set. We have moved email services, and I can no longer login as admin on that appliance, but cvan login as a user which does not use OTP. Any ideas how can I recover the ability to log on as admin ?

Thanks

Tony

Hi,

Below to remote Data Centre : DCA and DCB. I would like the SonicWall at DCA to be teh Primary unit and teh one at DCB to be the secondary Unit in case of Failure. I am thinking using site to site vpn in order to get the HA working ? Ha will use the interface x5.  Now i am wondering if that something we can do ? most of the active/standby design have the 2 sonicwall at the same location so directly connected, which is slightly different of mine..

Thanks in advance

One of the reasons we have not yet upgraded to Windows 10 is that, as I understand it, it is not supported by the McAfee enforced client anti-virus, and there are no plans to support it. Instead they are apparently coming out with a new product some time in 4Q (any time now, actually). Is that still correct?

I also recently noticed that there is a Kaspersky enforced client anti-virus product available now that does apparently support Windows 10. However, that requires a separate license. Is it possible to have a McAfee license switched to a Kaspersky license?

If anyone has answers to these questions, they would be appreciated. Thanks!

Hello,

I am trying to setup my VM to operate on their own VLAN ID so that they are isolated from each other in terms of networking.

I have a hyperV 2012 server, cisco sf300-24 (layer 2 mode) and a sonic wall.  I want to have each VM on its on separate subnet, isolated from each other using VLAN IDs.  I believe I am stuck at setting up the switch and sonic wall to accept this traffic from the server.

I have already assigned a VLAN ID to each VM on the server but I am not sure on my setup on the switch.  I believe, I have to setup the port that is connected to the server as a Trunk so that it can handle the multiple IDs and then another port that is connecting to the Sonic wall as a Trunk as well.

I am also using the GUI to do this on the switch.  

Is there a guide that I can follow or someone point me away on a path?

I have a NSA240 running 5.9.1.1 OS.  I have a LAN zone in X:0 and a Public zone in X:7 (This version only lets me configure Trusted, Public, Wireless, and SSLVPN zone types in the menu).  I have created the Public zone to test some high security settings, and I therefore wanted to create all inter-zone rules manually instead of automatically, therefore the Public zone is NOT trusted, and no rules are configured automatically.

As such, I know that by default, the Public zone is denied access to any LAN zones by default.  However, I created firewall rules allowing traffic (testing with any-any-any= allowed), and found that I cannot communicate between the two.

Since this is not utilizing NAT, I need not configure policies.  I just want to allow simple end-to-end communication between the zones with specific devices (but first, I want to test with the least specific rules to make sure it works before tightening security).  As such, I cannot get communication working between the two.

Note: I am NOT going to enable Trust on the new custom zone, as I do not want automatic trust level between my LAN zones and this.  This is supposed to be a higher security zone and only specific communications will be allowed.  Aside from firewall rules, what else do I need here?

Hello,

our company has changed firewall hardware and get a NSA 2600 (6.2.6.0).

We still do a implementation for the new one and sonicwall still on test environment.

We have 5 store and 3 different wi-fi to identify the zone.

The old configuration has a 3 static arp gateway on LAN interface , each for one wi-fi gateway.

In the sonicwall we add a static ARP each for one wi-fi gateway( 192.168.200.0/192.168.201.0/192.168.202.0)

Our LAN class is 192.168.0.0 .

We created a network objetc as lan zone for each wi-fi and add to routing (to and form each entwork object).

I also add a access  roule in LAN-LAN from lan subnet to each wi-fi network  and vice versa.

We have about 12-15 access point on each wi-fi and  the device  connect to and redirect RDP session to LAN server.

The old firewall works great with this configuration.

The problem is that:

the laptop / tablet or any device should connect to one of the access point get a LAN ip from DHCP internal server.

I try to start RDp sessione but has a long time and it was very unstable.

I try to ping the remote server and ping time goes from 800/1000ms  to 2000/2500ms.

That is impossible to work on RDP enviroment.

I try to set up new access roule but without success.

I call support but the answer is that "if the problem still in test enviroment , support can't supported that".
Some one could help us ?

Thanks

Matteo

Good afternoon, all!

I'm looking to implement global bandwidth management on my NSA 3600 firewalls.  We're running 6.1.1.8-25 firmware (can't go to Early Release per company policy) in two datacenters.  

I want to throttle bandwidth on two connections.  First, I'm moving the office network to its own subnet, running off one of the firewall ports, probably X4.  I want devices in that zone to only use up to 50% of the total WAN bandwidth, currently 10Mbps from the carrier. All other zones and networks should have full bandwidth available, with no limits. 

The second connection is a Platform as a Service stack, running off another subnet and firewall interface (X5, if memory serves). On this zone I want to set a limit on the use of an MPLS circuit between my datacenters. This is a separate network in the LAN zone. I need to throttle this so I can start running virtual machine backups across the MPLS.

Is there a document or group where I can get a feeling for how to best configure and run this? I'm not keen on calling SonicWALL support for this, but if needs must.......

Further details on request. Thanks very much to all for looking!

Gregg

Hi, a friend called me for a help: realize and setup connection for a VoIP system between 15 offices and the Central Office.

In the Central Office we have about 50 IP telephones, the VoIP station with 30 urban lines, and a fibre connection 100d/20u Mbps.

In every office there are about 6-10 telephones, and I think is enough a HDSL/ADSL line, minimum 10d/2u Mbps

We want to connect all the offices via VPNs: 

* site-to-site

* only VOIP traffic

In my mind every office has is own site2site VPN with the C.O.

In C.O. a bigger firewall has all the 15 VPNs up.

I think that 15 Dell-SonicWall SoHo firewalls for offices and one TZ600 for the Central Office is a good hardware choise for this system, but I have no experience about more than 3 or 4 VPNs on one FW.

Someone have suggestion? Is the architecture right? Is firewall choise eight?

Sorry 4 my english and thanx!

Ok.. This should be simple for someone, but I am at a loss for some reason.

TZ215

WAN is dynamic incomming (X1)

Port X0 - X5  Simple DHCP LAN ports (lets say with a 192.192.19.1-15 scope)

But I also want port x6 to have a WAP that is using a static address of 172.17.17.2..

How do I get x6 to work? I have run myself in circles between new zones, and address objects, but I have not found the solution.. so my poor WAP has no internets still.

Assistance please?

i have a website that have online application to fill. the website is openning fine but when i try to open the application in the website to fill it.. it gives me no display page ...

Sonicwall NSA2600: 

category of the website is not blocked...its category business/economy

what would be the cause of the problem...

hi!

i have a problem with a webpage, i can add to sonicwall content filter

the url is:

www.infovtv.com.ar:11360

is a web for automobile review, if the car does not pass the review, this could not circulate.

from my cel phone i can access without problem, but from nsa 3600 i have error page.

i need resolve this because, government have many pages with this type of url.

Can someone please help me?

regards,
Carlos

Dear All,

My client want to buy Sonicwall TZ series, he want to use;

1. Spyware and Virus Protection

2. Integrates with LDAP directory for user mgmt.

3. Set specific policy for non-LDAP users

4. Outbound webmail (gmail/yahoo/outlook) tracing 

I think use UTM is ok, and i find sonicwall can connet AD server by ldap, but can it using ldap user to set ACL not using IP? for example, in AD have a username is user1, i want to set ACL for this user by username "user1" not by user1's PC IP address.  

And my client want outbound webmail tracing. I have not any experience about this i don't know which product can do this.

thanks

Hi,

We have started using the latest version deployed on our company machines updated via SCCM.

But the version on the SRA is still the old version, how do I get that to update so that when users logging on via personal home PCs on the HTTPS URL still get the latest version?

Thanks.

Hello all.

I have site A (main) and B satellite office with IPsec VPN tunnel (Sonicwalls).

At this time, everything is working great for the phones on both sites and I was using options 128, 129 and 130 in the DHCP server (Windows). I am trying to setup two VLANs for data and voice and have Windows DHCP server still give IP addresses. The Mitel 5000 phone system is at the site A.

I am trying to figure out how to do this starting on site B since it’s only one phone there.

Diagram site B:

Windows server 2008 R2 –  192.168.127.9

DHCP server with two scopes ---

Main scope 192.168.127.0 with options 03,06,15 and 43 for Mitel Phones with value id:ipphone.mitel.com;sw_tftp=192.168.123.7;call_srv=192.168.123.7;vlan=10;l2p=6;dscp=56

second scope 192.168.10.0 with 03,06,15, and 43 with value id:ipphone.mitel.com;sw_tftp=192.168.123.7;call_srv=192.168.123.7

Switch –  SG200-26P – 192.168.127.5

Default VLAN – all ports are trunk and untagged

VLAN10 – all ports are Trunk and untagged except port 1 and 2 tagged for the phones.

Router – Sonicwall TZ600 192.168.127.1

Setup IP Helper and created IP Helper policy to forward from X9 (network interface) to (DHCP server) 192.168.127.9

I plug in the phone to port 1 on the switch and a computer to the phone. The computer gets it’s IP address just fine from scope 192.168.127.0 but the phone boots up and go to DHCP recovery and gets the VLAN ID (10) and then it releases to get the new IP and then it gets stuck on DHCP Discovery Option 43:43 for almost couple minutes and then it says DHCP timed out and then tries again and again with no success.

I tried everything that I could think of and no luck.

Finally, I decided to capture the packets on Sonicwall for ports 67 and 68 and see what happens, and then this is what I found (two messages)

The first -

DROPPED, Drop Code: 198(DHCP server, Ingress interface is same as egress interface.), Module Id: 19(ipHelper), (Ref.Id: _440_krjFjerTgnc{VqUgtxgt) 0:0)

With the following Hex Dump:

ffffffff ffff0800 0f776df1 08004500 01541000 00004011 *.........wm...E..T....@.*

 699ac0a8 7f01c0a8 7f090043 00430140 bc200101 0601327e *i..........C.C.@. ....2~*

 e7df007c 80000000 00000000 00000000 0000c0a8 7f010800 *...|....................*

 0f776df1 00000000 00000000 00000000 00000000 00000000 *.wm.....................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00006382 53633501 013d0701 *..............c.Sc5..=..*

 08000f77 6df1371a 0103060c 2a2c3336 3a3b4278 81808283 *...wm.7.....*,36:;Bx....*

 84858687 e08a7d2b b2b33c12 69707068 6f6e652e 6d697465 *......}+....ipphone.mite*

 6c2e636f 6d007c05 00000403 00390205 dcff              *l.com.|......9....      *

The second -

DROPPED, Drop Code: 130(Broadcast traffic not handled.), Module Id: 25(network), (Ref.Id: _8078_jcpfngDtqcfecuvRcemgv) 0:0)

With the following Hex Dump:

ffffffff ffff0025 64f91333 08004500 019a0b07 00008011 *.......%d..3..E.........*

 ee9ac0a8 7f09ffff ffff0043 00440186 e2ae0201 0600327e *...........C.D........2~*

 e7df0000 00000000 0000c0a8 7f33c0a8 7f090000 00000800 *.............3..........*

 0f776df1 00000000 00000000 00000000 00000000 00000000 *.wm.....................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00000000 00000000 00000000 *........................*

 00000000 00000000 00000000 00006382 53633501 020104ff *..............c.Sc5.....*

 ffff003a 04000546 003b0400 093a8033 04000a8c 003604c0 *...:...F.;...:.3.....6..*

 a87f0903 04c0a87f 010608c0 a87f09c0 a87b092b 5a2b5869 *.................{.+Z+Xi*

 643a6970 70686f6e 652e6d69 74656c2e 636f6d3b 73775f74 *d:ipphone.mitel.com;sw_t*

 6674703d 3139322e 3136382e 3132332e 373b6361 6c6c5f73 *ftp=192.168.123.7;call_s*

 72763d31 39322e31 36382e31 32332e37 3b766c61 6e3d3130 *rv=192.168.123.7;vlan=10*

 3b6c3270 3d363b64 7363703d 353600ff                   *;l2p=6;dscp=56..        *

I tried to search on the web and couldn’t find anything, even Dell just list the error message with the code but don’t tell you the solution.

Please, if anyone can tell me what I am doing wrong..

Let me know if I missed any information or you need any more…

We all know about the massive Cyberattack against dynDNS. A considerable part of the attack came from IOT, like switches, routers etc. which are infected by mirai botnet. Does sonicwall firewalls have protection against threats like mirai? how can I check if my firewall is infected or not?

Hi All

Have anyone experiencing Netextender trying to connect to the server immediately after starting and then crash or refuse to connect to the server? Netextender was working fine last week, however this week Netexender automatically try to connect to the server then produce the following message:

"The server is not reachable. The server maybe down or your internet setting may be down"

Clicking on the "Reconnect" button will immediately freeze the program instead of taking me back to the log-in screen.  This is happening across our company on multiple machine.  The server is on and running.

Note:  I don't have any machine not running window 10 at this moment, so I will test it on a non-window 10 machine when i get a chance.

I have a firewall running 6.2.6.0 (one of the hotfix versions)

I'm doing more and more work in the CLI - and had a couple questions:

1. is it possible to configure anti-spyware on the CLI, and if so, how? (I figured out how to do IPS, GAV, and App Control, but can't seem to find a section for anti-spyware)

2. how can one programmatically locate existing rules on the firewalls?  (I want to be able to turn on things like WAN management, then edit the resulting 'auto rules' to restrict the source IP for them. It seems though like the policy numbers are assigned on the fly - i tested with 4 firewalls (same models, configs (default) and OS) and they assigned different id numbers to the auto-generated rules.

Thanks in advance,

Chris