getting this message from NetExtender,
used to work ok, not sure what is going on ...
Best Regards,
Thanks in advance,
-Alex
↧
The server is not reachable. The server may be down or your internet settings may be down.
↧
SonicWall management interface crashing from internet probe
I have 2 SonicWalls with an early release firmware that was necessary for us to pass PCI audit compliance. Both are behaving the exact same way.
Ever sense installing the firmware the Management interface on the sonic wall crashes after a a few days in service. I believe the crash is in response to some type of internet traffic. I've been working with support and their first answer was to call my isp and have them filter the traffic because they thought it was a DDoS.,.. I didn't think there was really enough evidence to point to that so I setup a sniffer to prove that is was not a DDoS attack and called them back after I had the evidence to show this. In fact there was really very little incoming HTTPS or HTTP traffic but I did notice that the interface crashed after an automated probing venerability scan from the internet. At that point they had me set a few security filters with no improvement and finally told me to change the management pot from 443 to 4443.
Is it just me or does that really sound like a really poor solution for a security device. I mean if a generic internet scan can crash the management interface doesn't that mean that there is some type of firmware bug. Especially since this started immediately after installing the new firmware. And changing the management port to hide a bug really feels like a cheap Band-Aid not a resolution.
Any thoughts or suggestions would be greatly appreciated.
Jim
↧
↧
SonicWall management interface crashing from internet probe
I have 2 SonicWalls with an early release firmware that was necessary for us to pass PCI audit compliance. Both are behaving the exact same way.
Ever sense installing the firmware the Management interface on the sonic wall crashes after a a few days in service. I believe the crash is in response to some type of internet traffic. I've been working with support and their first answer was to call my isp and have them filter the traffic because they thought it was a DDoS.,.. I didn't think there was really enough evidence to point to that so I setup a sniffer to prove that is was not a DDoS attack and called them back after I had the evidence to show this. In fact there was really very little incoming HTTPS or HTTP traffic but I did notice that the interface crashed after an automated probing venerability scan from the internet. At that point they had me set a few security filters with no improvement and finally told me to change the management pot from 443 to 4443.
Is it just me or does that really sound like a really poor solution for a security device. I mean if a generic internet scan can crash the management interface doesn't that mean that there is some type of firmware bug. Especially since this started immediately after installing the new firmware. And changing the management port to hide a bug really feels like a cheap Band-Aid not a resolution.
Any thoughts or suggestions would be greatly appreciated.
Jim
↧
Access to Server
Hi there,
Im trying to make a Terminal Server public from outside. I have a SonicWall firewall but I cant connect to the server from DMZ.
I used the Connection Wizard to give public acces to the terminal server, I changed the TS Port in the server and when I try to connect to public_ip:port the web show an error like " Connection refused ".
Could you help me please? There are some tutorial about it?
Many thanks in advance.
↧
IPSec Configuration for BGP (Sonicwall to Cisco)
Hi,
Need help about IPSec configuration for BGP (Sonicwall to Cisco). I'm connecting to our Vendor and they want to enable the IPsec for BGP. Configuration of BGP is OK. IPsec configuration is working also.
From Vendor to our side is OK. The problem is from our side to vendor, they seeing that our packets sending are not encrypted. It seems it's not using the IPSec site to site, it's using the BGP that I setup.
This the sample digram:
I'm not sure where to troubleshoot since I'm not aware how to route the traffic using the IPSec.
Thanks in advance!
↧
↧
Packet flow through NSA Series .. ?
I have searched on the internet about a document taking about the packet flow through NSA Sonicwall from the moment of ingress to egress, i didn't find..anyone have any idea
↧
IP6 Support?
Multiple questions on Sonicwall:
1) Is there a published list of which Sonicwall models support IP6 on the external facing interfaces? Apparently Comcast is only supporting multiple static IP addresses using IP6 instead of IP version 4, so I assume my external facing firewall interface will need to support IP 6?
2) Which Sonicwall products will support both a primary and backup Internet connection, along with a third backup based on wireless? We have an office where the primary Internet will be Comcast Business, the backup interface will be a shared T3 for the building, and the third level of Internet connect would be a cell phone connected through wireless.
3) Which Sonicwall products can do sophisticated NAT rules similar to the powerful abilities in Checkpoint's VPN-1/Firewall-1 products? I want to map a pair of public IP and target port number to an internal IP and internal port number, and further I want to specify the network segment to which that packet should be directed.
↧
NTP malformed messages prior to unwanted restart of appliance
Hi,
We got a TZ105 appliance running SonicOS Enhanced 5.9.1.1-39o.
The NSA appliance made un unwanted restart yesterday, and checking syslog messages we found that
10 malformed NTP messages were received prior to restart.
Message id 1107 "Response from NTP server is either incomplete or invalid".
The time settings display no custom NTP servers, using a default list of NTP servers.
I can't find a way to relate malformed NTP messages with a restart of appliance.
Should we use custom NTP sources? Or maybe the behavior of the firewall is related with the fact that can not timestamp logs and then restarts?
Any ideas would be appreciated.
Thanks.
Best regards
↧
Need SonicWall DCHP Relay Help
Can't seem to get DHCP Relay / IP Helper working.
Site 1 = SonicWall NSA 3600, DHCP not enabled (configured on a Server); site-to-site VPN to Site 2, Setting up Global VPN Clients that will need DHCP.
Site 2 = SonicWall TX300w, DHCP enabled, site-to-site VPN to Site 1.
What is best practice for this configuration?
Should DHCP be disabled on the Site 2 Sonicwall, and let DHCP pass through the VPN? Or is there a way to keep DHCP at Site 2 and still have GVC get DHCP from Site 1?
In my initial testing, I can connect the GVC to Site 1 but I am not getting an IP address. I have IP Helper enabled, an IP Helper policy setup, DHCP enabled at Site 1, and DHCP over VPN enabled.
↧
↧
I need a little Routing help
I would like to reconfigure our NSA-2600 to have 2 WAN's and use the existing default WAN to route LOB traffic to VPN router that goes out to an AS400.
I would like the second WAN to handle the internet traffic.
ATM, it is working with 1 WAN and traffic gets routed properly to either the internet or the AS400.
I know the first step is to setup my WAN on another interface... say X5...
From there I'm not sure how to build a route. There is one already built to handle the traffic as it is now (1 WAN, 1 LAN).
TIA for any thoughts or links to tutorials. I've looked and haven't found this particular congig, but I'm sure it's popular.
↧
200mb ISP service with TZ100 100mb ports
So i have confirmed that my ISP is giving me 200mb service by taking the TZ100 out of the loop and testing. Here is my question:
Since the TZ100 has 100mb ports, would there be any speed gains to utilize my bandwidth from my ISP by splitting my network into 2 different LANs? For example, LAN 1 (192.168.0.x)-->switch-->cameras and LAN 2 (192.168.1.x)-->switch-->computers.
Would this help in the speeds I am seeing on the computers?
Thanks,
Jay
↧
Site to Site SSL VPN and double NAT
So I have been having a bit of trouble setting up my site to site vpn between two SonicWALL firewalls.
My current network configuration at one location is:
Core Router WAN to SonicWALL TZ100 LAN then to the internet the network uses the SonicWALL WAN port. So I have a double NAT currently. I created a route to my core network on the SonicWALL:
Any > Core Router LAN | Any | Any | Core Router IP | X0
Before I created this route I could not ping anything from the SonicWALL on my core router network. Currently I can use the SonicWALL Global VPN client to connect to and ping all my network resources on the core router. But if I used SonicWALL Mobile Connect or site to site vpn tunnel, once connected I cannot ping anything on my core router network.
Is there a setting somewhere I am missing? I placed the core router lan as part of the sslvpn access list. I cant even ping my core routers IP though even when I am vpn'd in.
Do I need a NAT policy created so that when I connect to the SSLVPN via mobile connect or when the site to site vpn tunnel is established, I will be able to talk to devices on that network?
I am new with SonicWALL OS so any help would be appreciated. Thank you everyone.
↧
How to block Facebook for specific users by IP in NSA 4600 Sonicwall
Hi,
I want to block facebook and youtube for some users in network by using user's computer IP or MAC and allow other remaining users to access facebook normally in Dell Sonicwall NSA 4600.
Kindly guide me how it is possible in firewall settings. Thanks
Osama Aftab.
↧
↧
DMZ TO LAN
IF I HAVE APPLAIANCE ON DMZ LETS SAY EMAIL SECURITY..DO I NEED ACL OR NAT POLICY BETWEEN THE DMZ TO LAN ???
OR JUST NAT POLICY AND ACL FROM THE WAN TO DMZ ...AND DMZ TO LAN WILL TALK WITH NO INTERRUPTION
↧
hosted emails
Dear All,
if my emails are hosted outside how i can configure them on my Sonicwall NSA250m
please help??
↧
Upgrade FW when HF has been installed
I have an NSA3600 running 6.2.2.2-19n--HF159825-1n
Now that 6.1.2.6-27n is available, am I at a loss to update FW given that the Hot Fix will not be installed nor does the documentation make mention that the HF was addressed?
↧
SonicWALL TZ300W and wireless
Can a TZ300W wireless be configured without guess wireless, just a plain WPA2 passphrase?
↧
↧
VOIP Problems Sonicwall NSA 2600
hello we have a lot of VOIP telephones. We cannot talk more than a minute - after that we got interruptions - tested on some phones.
Phones tested directly on the WAN - no problems..
here they are connected via X0 (LAN Interface) to WAN (X1)
There is an rule from LAN to WAN for the Phones - Any Destination and any Service allowed
The WAN-Traffic is ~ 10 % (10 MBit) from 100 available
VOIp Settings on the firewall:
Enable consistent NAT and enable H.323 Transformations is enabled.
| Firmware Version: | SonicOS Enhanced 6.2.2.2-19n | |
| ||
| Safemode Version: | SafeMode 6.1.0.11 | |
| ||
| ROM Version: | SonicROM 5.4.1.2 | |
Any ideas ?
↧
VPN over WLAN
VPN works fine from an internet connection. However, it doesn't work over WLAN. The WLAN is working and you can internet.
I have a TZ300W. Am I missing a setting? It looks like WLAN has access to VPN zone.
↧
Upgrading from E5500 to 5600?
When we upgraded to the E5500 (years ago), I recall just having to export the settings from the old firewall and importing them into the new one.
We're now considering upgrading from the E5500 to the 5600. According to the SonicOs 6.2 Upgrade Guide, it appears that the same kind of export/import is supported.
Does anyone have experience actually doing this? Were any problems encountered?
↧