Channel: Network Security - Recent Threads

NSA with Webserver HTTPS:


Have a website that needs an SSL certificate for insurance purposes. Created the certificate and it works on the local network just fine, but when attempting to access the website on the internet it brings up the Sonicwall login screen.

I unchecked the HTTPS checkbox in Management, created the Public Server type for the Web Server w/ HTTP and HTTPS but still no cigar. I am no Sonicwall Guru but slowly learning.

thanks!


NSA Web Server with HTTPS


Setting up a site with HTTPS and I can view it on the local network but can't see it on the local network.

Turned off HTTPS Management and gone through the Wizard for the Web Server with HTTP and HTTPS and no cigar...   No duplicate NAT Policies either.  Not sure what else to do or check.

*I am obviously no Sonicwall Guru but am slowly learning.

SSL VPN Issues


Hi,

We have been having issues with the SSL VPN for some time, but don't seem to be getting anywhere.

It's an intermittent issue that we just can't track down.

Users are able to connect to the VPN, they get an IP, and show as logged on under the GUI page.
Affected users will always show a logon time of 0 min. If they try to access anything they can't, as it looks like all traffic is blocked.
I've run a packet trace on an affected user, and it shows this. To me it looks like a Firewall policy blocking it.

*Packet number: 1*
Header Values:
 Bytes captured: 74, Actual Bytes on the wire: 74
Packet Info(Time:02/19/2016 18:01:42.256):
 in:X1*(interface), out:--, DROPPED, Drop Code: 582(Packet dropped - Denied by SSLVPN per user control policy), Module Id: 27(policy), (Ref.Id: _968_qpmjdzDifdl), 18:31)
Ethernet Header
 Ether Type: IP(0x800), Src=[00:11:22:33:44:55], Dst=[c2:ea:e4:b1:8b:23]
IP Packet Header
 IP Type: ICMP(0x1), Src=[192.118.201.6], Dst=[172.18.1.252]
ICMP Packet Header
 ICMP Type = 8(ECHO_REQUEST), ICMP Code = 0, ICMP Checksum = 19407
Value:[2]
Hex and ASCII dump of the packet:
 c2eae4b1 8b230011 22334455 08004500 003c1a76 00008001 *.....#.."3DU..E..<.v....*
 e8bfc076 c906ac12 01fc0800 4bcf0001 018c6162 63646566 *...v........K.....abcdef*
 6768696a 6b6c6d6e 6f707172 73747576 77616263 64656667 *ghijklmnopqrstuvwabcdefg*
 6869 *hi *


The only fix is to disconnect / reconnect several times, until it starts to work. We can't find a pattern to this. Some days it works fine, and other days it doesn't.

Any help would be greatly appreciated.

 

Thanks,

tz-205


Hi all,

I have a question regarding trunk config on a SonicWall TZ-205. I have a fiber trunk coming in which is terminated on a Cisco SG300. From the Cisco SG300 there will be a trunk into my SonicWall. All my routing and DHCP will be done by the Cisco switch, which is running in layer 3 mode.

Which settings do I need to apply to my incoming X0 interface from the switch and my X1 interface? Is there any way to just pass through the SonicWall? And how do I do it?

All help is appreciated 

Torgeir

Black Screen of Teamviewer


Hi!

We have three SonicWALL devices connected through IPsec vpn. When we connect to any pc behind a SonicWALL device through Teamviewer using the Lan IP address of that pc, it gives us black screen and then disconnects but if we connect to the same pc using its Teamviewer ID there is no problem.

Any Suggestions?

Thanks.

Sonicwall NSA220, Internet Speed Issues - Also - VPN Issues


I recently upgraded our Sonicwall NSA220 to the new SonicOS Enhanced 5.9.1.5-16o Firmware. However, both of our 100Meg Cable connections max out around 60Mbs. No other settings have been changed (however, if you would like me to check something, I would be more than happy to). Has anyone else had these issues? I was hitting 103Mbs every time before the upgrade. If I plug the modem straight into a laptop using another static IP, I get a little over 100Mbs.

Also, when connected to the SSL-VPN, when any large amounts of traffic start being transferred, the SSL-VPN connection drops. I have read a few posts about others having this issue as well.

I have noticed the CPU usage is a good bit higher than usual after the upgrade..

Finally.. is there a way to downgrade back to 5.8.x.x?
Thank you everyone!

TeslaCrypt 3.0 ransomware (MP3 variant) slipped through GAV


We got hit with the TeslaCrypt 3.0 ransomware yesterday. From what I was able to gather so far this is a new variant of TeslaCrypt that changes file extension to .mp3


User claims he clicked on a google search link (IE 11). GAV on our TZ 205 didn’t block it and neither did the local AV.


He noticed that all his files on a desktop were renamed to .mp3 so that’s how we got aware of the infection.


Is Dell Sonicwall Threats Research team aware of this variant? When can we expect the new signature to be released?

 
Also, is there any other way to strengthen the security on the firewall to prevent this kind of infection in the future? 

Two DHCP server on 250M sonicwall


I have two VLANs (voice and data) and I want to enable a DHCP server on the Sonicwall for each subnet (VLAN).


Changing ISP service - Sonicwall TZ 105 W


We are changing ISP service and are getting a new block of live IP's.  None of my internal IP's are changing.  We host our own email and website.  Right now I have round a shared T1 (with phones) and a DSL line doing load balancing.  My question is, would it be easier to perform a factory reset and reconfigure from scratch or would just changing the IP settings on the WAN interface and the public IP's on my address objects be easier?  Thanks in advance!

Missing GAV signatures


I found another appliance with only 205 GAV signatures. Current number on a working device is at 19793.

Manual import of Security Signatures (SW13657) doesn’t work. I’m getting this error message:

Status: FAILED. Please update licenses and get new keyset

Resetting Licenses and Security Services Info via diag.html page doesn’t help.

Even upgrading firmware didn’t resolve it. Any ideas how to tackle this?

VPN Backup Link to Main office SonicWall


Hi guys. My company just won this project. I have to find a solution. I have been reading like a crazy guy for a solution. Here is a quick drawing I did of what I need to do for our client.

 

We have 3 small sites. Each one has an NSA 220. The main site has a 3600. This company has a private link to the HQ offices. Now if this main link fails, they need to activate the VPN to forward the same traffic to the HQ. But now they want the same solution but the VPN must enter automatically. I am not sure if I am on the right path, but I was reading this article in the Sonicwall KB: Configuring Dynamic Route Based VPN Using OSPF. I am not sure if this is my solution. However, maybe you can give me other ideas. Some let me know if you already did something similar.

Thank you.

Packet Dropped


We are having a problem with one of our web-based Oracle applications behind Sonicwall NSA 5600. The application works fine when accessed over the internet but through IP-SEC VPN Tunnels, it takes a *** of time to load. When we ran the packet capture we found the below:

in:--, out:X1*, DROPPED, Drop Code: 593(Packet dropped - cache add cleanup drop the pkt), Module Id: 25(network), (Ref.Id: _2218_dbdifBeeDmfbovq), 1:1)

 

in:--, out:X1*, DROPPED, Drop Code: 63(Invalid TCP Flag), Module Id: 25(network), (Ref.Id: _5164_txGsIboemfJqQlu), 2:2)

Any Suggestions?

Thanks.

Site-to-site VPN missing routes


I have created a site-to-site VPN between a TZ 105 and NSA 240 but it never creates static routes. The VPN connects but no traffic will pass. Both are on SonicOS 5.8.x or higher (the TZ 105 is on the latest release version).

Whether I create the VPN on the TZ 105 using wizards or manually, no routes are created and I am left with default static routes (see attachment). I have rebooted, deleted the VPN several times, and recreated it. Once in a blue moon, it works, but obviously it's not creating routes for the VPN so can someone show me what the default static routes should be for a site-to-site VPN?

Different bandwidth allocation to different group using two different ISP


We have different departments in the office and they have different natures of job. Right now we have two different ISPs running using a Sonicwall firewall. We want to limit bandwidth for different groups using these two ISPs.

I have created an IP range for different groups using Address objects.

We have ISP 1 - 10 mbps and ISP 2 - 6 mbps

Say for example :

Group 1 - 192.168.1.5-192.168.1.20

Group 2 - 192.169.1.51-192.168.1.60

Group 3 - 192.168.1.101-192.168.1.130

Group 4 - 192.168.1.151-192.168.1.170

We want:

Group 1 - 2mbps ISP1

Group 2 - 4 mbps ISP2

Group 3 - 3 mbps ISP1

Group 4 - 4 mbps ISP1

Is it possible to achieve this?

Simple routing question for SonicWALL TZ


I think what I need is a static route. I haven't setup a static route before, so I'm looking for some help. 

X0 (LAN) = 192.168.10.0, gateway = 192.168.10.1

X4 (DMZ) = 192.168.12.0, gateway = 192.168.12.1

I'm trying to access a web server on X4 (192.168.12.2) from my laptop on X0 (192.168.10.21). But I don't want the web server on X4 to have any access to my laptop on X0.

I have a firewall rule to Deny access from the DMZ to the LAN, and a firewall rule to Allow access from the LAN to the DMZ.

How can I set it up so any device on X0 (LAN) can access any device on X4 (DMZ), while still preventing access from devices in the DMZ to the LAN?


NSA 2400 Bandwidth Management


We currently use bandwidth management and we have a few rules for BWM. We just upgraded our pipe. My question is, can I just go to the WAN interface and change the Ingress/Egress to the new limit, and the rules I have (most are a percent) will adjust accordingly? Also, is there any outage from changing the Ingress/Egress?

Thanks in advance for your help.

[SW NSA 250 M] Problems with File Extension filter


Hello dear Community,

I am having issues with email filtering of file attachments.

I created a match object where it searches for file attachments, due to the recent boom of decryption trojans, as seen below.

It should be scanning email attachments for file extensions which may contain malicious code.

It does work, but here's the problem:

Since I'm from Germany, we have a lot of special characters (e.g. ä, ö, ü, ß) and whenever a special character appears in the filename, the filter just lets it through anyway.

Is there a way to fix that?

Is anyone else having this problem?

Thanks in advance

kind regards,

Axel König

Site to Site VPN drops after 6hr 48min


Hi,

I set up the vpn from my TZ210(v5.9.1.1) to the vendor, cisco asa5510 (v8.4). I test with a continuous ping, that includes a timestamp and writes to a log. I start the vpn and it runs for 6hours 48minutes, then 'Request Timed Out'

Per the configuration documents from the vendor,

IKE phase1

Preshared key:XXXX

DH group: Group 2 

Encrypt: 3DES

Hash Algorithm: SHA-1

Lifetime: 86400 seconds

IKE phase 2

Perfect forward Secrecy :off

Encapsulation: ESP

Encryp: 3DES

Authentication Alg: SHA-1

Lifetime: 28800 seconds

I'm using NAT to change my LAN addressing since the vendor has already used my subnet.

SonicWALL support has reviewed my vpn build configurations and said they looked good.

  

My question, Any ideas why the vpn consistently times out at this same length of time?

Thanks,

Chris

SRA 1600: ActiveX RDP bookmarks no longer working with Newest firmware 8.1.0.2-14sv ?


We manage a fleet of SRAs for various entities, finding that after rolling out the GLIBC vulnerability patch 8.1.0.2 on a guinea client that ActiveX RDP bookmarks no longer function.  This seems to be on machines with IE11 but I'm not certain on that yet. 

Almost to be expected at this point, but has anyone else encountered this?  The users that've been upgraded are chomping at the HTML RDP performance. 

It'd be great to get that functionality back again! 

AppControl enabled or not


Hi,  I'm trying to learn my way around an NSA3600 that was installed by someone else and have a quick and simple question about the enabling of App Control (and IPS and AV).

Our system does not have Enable App Control selected on the main page, but does show it as Enabled on some zones when you look at the Network >> Zones page.  This is confusing me - is App Control enabled on the selected zones even if the main Enable tick box is not ticked?
