Hi ,
I am using windows RRAS and its working fine with pptp , now i need to configured with l2tp along with pptp using preshared kye.
the problem is sonic wall frwall wont allow LT2TP traffic and port 1701 to windows server ,On sonic wall log say phase1 negotiation fail .
Hello all,
I have sonicwall TZ400 currently in
SonicOS Enhanced 6.2.3.1-19n version, and I am looking to upgrade the firmware to a newer version,
what firmware version number you advise me to upgrade ?
and how to download please?
any reply or help is highly appreciated
B regards
I am installing a new TZ600 for a client. This is replacing 2 retail firewalls (Linksys). They have a somewhat unique setup currently. Here are the particulars:
One ISP connection, fiber (10Mbps up/down)
One ISP connection, coax (100Mbps down/5Mbps up)
Fiber connection attached to Linksys firewall, flat network. Linksys firewall LAN port connected to 48-port switch for all wired connections. No wireless.
Coax connection attached to Linksys firewall, flat network. The sole purpose of this firewall is wireless access to Internet. No connection to wired LAN.
I would like to eliminate this disparity and give them a little more benefit from their 2 ISP connections. Here is the end result I desire.
Both ISP connections plugged into the TZ600.
New access point that has the ability to tag SSID's with a VLAN ID.
A new corporate SSID that is tagged with VLAN ID 100 that can communicate with the wired LAN and use the fiber ISP.
A guest SSID that is tagged with VLAN ID 200 that is blocked from communicating with the wired LAN and uses the coax ISP.
I'm not looking for a step-by-step on how to set this up. I just want to know if this is even possible with the TZ600 and possibly an overview of the configuration.
Thank you for taking the time to read
Hi All,
We've been asked to implement a captive portal system on top of an existing Sonicwall/Sonicpoint infrastructure
Using SonicWall's own LHM documentation i have followed it to the letter, but whenever i attempt to post an authentication back to the externalGuestLogin.cgi form it getthe error:
"The underlying connection was closed: an unexpected error occurred on a send"
Has anyone else come across this and what did they do?
I'm trying to create a guest wireless network on a TZ 400 that already has a private wireless network setup on it.
I've looked this up and found enough different methods that it's muddled to me without any clear guidance on just how to do it.
I tried creating a Virtual Access Point. There is already one for the private wireless. But it doesn't show up on wireless devices.
So I'm trying to determine if I need to start over or if what I've done so far is good and I just need to do more. Any help would be appreciated.
Thanks,
Jonathan
Hi Sonicwall Team,
I would like to ask if it is possible to route a specific application to a specific wan interface.
This is my senario, I have two WAN/ISP configured as load balance, and I want to route a specific app like (skype app) to use the back up WAN. Is that possible?
I have a little background how to route services using routing policy but I just want to know if Sonicwall has a way around just to route a specific app.
I'm seeing a lot of these entries in the logs of many of our Sonicwalls today. All the IP's are hosted by Google. Are these false positives?
Hi,
I have a problem. I've deployed a dozen of SonicPoints ACE firmware 6.2.6.0 with the last release of firmware. Most of these SonicPoints are powered with PoE switches.
I have two sonicpoint for each switch so I'm quite sure that is not a network-related problem, otherwise all the two sonicpoint attached to the same switch would be non responsive.
Randomly only one sonicpoint freezes and became non resposive. The only way to restore is reboot the sonicpoint itself.
Logs downloaded from the sonicpoints contains pretty useless informations even because when the soncipoint became unresponsive stops sending logs. So, now I'm trying to recreate the situation with a console cable directly attached to the sonicpoint in order to understand what's happening.
Obviously this situation is not acceptable.
I verify the cabling and all is ok. The SonicPoint ACE are powered via PoE.
Anyone with a similar problem ? Can you help me? I open a ticket with the support for the problem.
Does anyone have experience upgrading a TZ180 to a newer model? I am trying to figure out if it will be possible to apply my current settings to the TZ500 without issue or if I will need to go step by step and fill in each category. Also is there any documentation for such a big upgrade like this?
Does anyone have any good links / videos for someone who is new to Sonicwall?
Matt
I have dual WAN setup with an NSA250. X1 is a Comcast cable modem connection and X2 is a DSL modem connection. I have them setup to do proportional load balancing with a much higher percentage going to the faster cable interface. I would like to designate a couple of specific devices on my LAN to only use one of the interfaces as long as its active. Can I do this by using the MAC address of these devices?
Hi, I have a bit of curly question here I would like to ask someone.
I have inherited a bit of a mess from someone and have a site here that has SonicWALL NSA 3600’s.
The issue I have is that this site uses “router on a stick” for inter VLAN routing and is connected to a managed MPLS network. The managed routers (use that term loosely) have a single configured interface with multiple sub interfaces. So my LAN and WAN effectively come into the network on the same port.
Do you think it is possible to cable the SonicWALL as per the diagram? and use VLAN’s to separate the WAN and LAN traffic so it can effectively have firewall rules etc applied to it.
Also do I simply NAT traffic from the LAN interface on the SonicWall so it is then able to be forwarded to my Core stack and then onto hosts? Bearing in mind that the data must go to the router and back to be routed across VLAN’s.
Does anyone have any tips hints suggestions?
Red = WAN
Blue = LAN
Green = translated/port shielded LAN
Good afternoon, all!
I'm working on finishing a tunnel interface VPN between two datacenters. When this VPN was first set up, we wanted the firewalls to route over the VPN if the current MPLS link was offline. In order to do this, we had to set up a tunnel interface on each firewall and make monitors to trigger routing changes.
Is this currently true of the 6.2 firmware stream, or do we still need to use the tunnel interfaces and route monitors?
Thanks!
Gregg
We have a TZ300 that is fairly new, we use it as the router and wifi ap for a satellite office
It sits on a UPS (first thinking it may be power related) and connects to a cable modem (Comcast) for an office of 5 people.
every 1-2 weeks randomly it would lock up and everyones inet would not work, during this time there is an amber light next to the wrench icon on the appliance. A few seconds after it would power cycle and reboot and then a few mins after it is up everyone can connect again.
This is very frustrating and annoying, has anyone else had this issue? I had to buy another device (Fortinet) to connect all the IP Phones so the phones won't go down. I want to resolve the issue and do not wish to move everything to the fortinet.
When users connect to the web interface of our SonicWALL devices (either port 80 or 443), they see "Server: SonicWALL" sent back in the response headers. From an attacker's perspective, this is useful information because they can now look up recent SonicWALL vulnerabilities and try them out on us. I would prefer not giving helpful information to an attacker.
How can we stop including the Server header in HTTP/HTTPS responses?
Hello everyone,
I am using Sonicwall 5.9.1.7-2o and I can not find a way to block Youtube.
I have enabled HTTPS content filtering, I have put Youtube in a custom blocking list, I have also put every category as forbidden and finally I have enabled Youtube for schools, but nothing works...
If you have another idea to block it that works, I would like to hear it.
Thank you
Hi,
I have a pair of nsa3600 in HA mode. Current version is 6.2.0.1-24n。
The main usage of the box is Site-Site VPN and SSL-VPN。
Every few weeks or days, one of the unit will reboot。
And I can not find create numbered tunnel interface in UI, which is missing?
So, I want to upgrade to new version or downgrade to general release 6.1.1.12-41n.
I found there are two new version - 6.2.6.1 and 6.2.5.1. I don't use CFS feature.
So, which version should I take.
Any advices?
Thanks!
Good afternoon!
I just had an update to Firefox and now I can't open the interface to my NSA 3600 firewalls. I had been able to make a local exception to the security settings to get to the firewall management.
No longer. I get the Secure Connection Failed with an error code of SSL_ERROR_NO_CYPHER_OVERLAP. I did some checking and I should be able to disable that check by going into the Firefox config and setting security.tls.version.min to 0. Does not work.
Anyone still using Firefox to manage their firewalls? How have you resolved this?
I can still use IE for now, but that's kind of lame.
So we are just a small animal hospital here, small network, couple VoIP Phones and a few workstations.
currently we have an obsolete sonicwall device and a Citrix server running a virtual Windows 2008 Domain Server along with another virtual windows 2008 server for our database.
We have had a lot of issues with the setup and we have to change things ASAP.
I setup a server today a windows 2008 R2 as a domain server in its own box, I also have a new Sonicwall TZ300 Licensed ready to setup as a replacement of the current appliance.
I have not worked with Sonicwall devices before this little network, so I'm kinda just learning as I go.
Whats my best plan of action?
I was thinking..
disconnect the workstation/VoIP network switch,
that way when I setup the new sonic wall I will only have three devices on the network.
so it will look like this...
ONT Internet Access->Sonicwall->4 port Switch->Domain server
Then run the Sonicwall setup wizard, after I run the setup I just need to have Internet Access.
I tried setting up the sonicwall previously and was on with tech support for 4 hours. I have not registered the new device yet since I wanted to be sure I can get internet access on the new device.
the domain server is also a DNS server, are there any issues I will run into that I need to know about before the switch over?
I'm going to setup the port forwarding, VPN, and VoIP a day or two after I do the switch. so really all I'm worried about now is just makeing sure I will have an internet connection after I do the switch.
thanks,
Nate_Bro
Hi,
My NSA3600 keep drop traffice from a gre tunnel send from a remote VPN host to one of my local host.
The log show following message:
Time | 13:38:58 Nov 18 |
ID | 1376 |
Category | Security Services |
Group | Attacks |
Event | Nestea/Teardrop Attack |
Msg. Type | Standard |
Priority | Alert |
Message | Nestea/Teardrop attack dropped |
I have try to add exclude IP in IPS Exclusion list. but no effect.
How can I exclude the remote host or local host to stop this alert?
Thanks,
Jerry Han
I have two sites connected via vpn. When I put in the IP for my dns server at the local site I cannot resolve the url for the webserver sites. The web server sits at the other end of the VPN tunnel. However, I can ping and do a nslookup of these sites. If I take out the dns record for the local dns server I am able to externally get to the Webserver sites. Please help.