Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

access issue with settings change on Sonic firewall

Posted on 2013-12-04
6
Medium Priority
?
403 Views
Last Modified: 2013-12-17
Hi - We've been having an issue lately where our office internet connection at times becomes painfully slow, almost to the point of stopping. Typically our speeds are 60/down - 15 up. When these "events" occur, our speeds go to 4/down and .5/up, and this optimum cable. The firewall we have is a Sonicwall TZ-100 -  I have limited knowledge on firewalls, but someone asked me if IPS was activated, and it wasnt. I activated it, and am using the 30 day trial right now. When attempting to configure it, I basically kept all of the policies at the default setting, which was to basically block/detect EVERYTHING. I'm now noticing a few things are not functioning correctly. Most importantly, I'm unable to access any of the companies computers remotely via LogMeIn. All computers are showing as offline. I've attached the list of the policies that are set to be blocked, but I cant figure out which policy needs to be opened up so all PCs/server are accessible via logmein.
ips.jpg
0
Comment
Question by:hodgem
  • 3
  • 3
6 Comments
 

Author Comment

by:hodgem
ID: 39696354
PS - I did open up the "REMOTE ACCESS" to allow that :) but still cant access remotely.
0
 
LVL 27

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39697171
Hi hodgem,

When attempting to configure it, I basically kept all of the policies at the default setting, which was to basically block/detect EVERYTHING.
The default policy is actually not enabled...you have to enable it and configure what to detect and block. I'd recommend setting it up as such:
High Priority Attacks          Block/Detect
Medium Priority Attacks    Block/Detect
Low Priority Attacks           Detect (Removing Blocking of Low Attacks should do it)
That list you attached is in App Control and again by default it is not enabled...you have to enable it and configure it.

With App Control configuring it is a process because there are many facets and many threads not entirely obvious by which enabling to block can have undesirable consequences. The process is to test as many business functions as possible (starting with the core working to supplemental) to see what is being blocked and what is not. You can see this activity in the Logs. Make sure to enable all Categories for the logging and set the logging to Debug.

Under Remote Access you can set LogMeIn = Disable/Enable so that it is being logged but not blocked. That should do it unless you have SSL Control enabled too. In which case you will need to add logmein.com to the whitelist.

Make sense?
0
 

Author Comment

by:hodgem
ID: 39705172
yes, thank you! Things seemed to have calmed down.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39705176
Your welcome! I'm glad I could help and thanks for the points!
0
 

Author Comment

by:hodgem
ID: 39725107
Hi - sorry, need to open ask another question.
@diverseit, you were very helpful last time, should I create a new question?
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39725217
Yes, by all means since this has already been closed open up a new question and I will keep my eye out for it!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question