Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Share tech news, updates, or what's on your mind.

Sign up to Post

I wish to add a new syslog server to my juniper firewall and I was to specify
a destination port that would be different than the existing syslog servers.
e.g. destination 172.20.20.100 port 36000. How to make that happen?


set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog host 10.16.190.81 any any
set system syslog host 10.16.190.132 any any
set system syslog host 10.18.23.10 any any
set system syslog file messages any error
set system syslog file messages authorization error
set system syslog file messages firewall any
set system syslog file interactive-commands interactive-commands info
set system syslog file IDP_Log any any
set system syslog file IDP_Log match RT_IDP
set system syslog file traffic-log any any
0
Bringing Advanced Authentication to the SMB Market
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

I want to add a syslogging target to all PAN firewalls in my environment. How is this done in Panorama?
0
So we have an ASA5506 that is currently co-managed by two internal departments (long story).  Because of this we're currently using Duo two-factor auth with AAA for SSH access/management (user authenticates with username/password and then must accept an SMS push on their cellular device as well).  Normally we use Solarwinds NCM to automate backup device configs daily via SSH with a specialized service account, but because of the mandatory two-factor we can't use this method on the shared ASA.

I might be able to push our SecOps team for the ability to create a single non two-factor SSH login specifically for config backups, but what other secure options are there that I'm not thinking of?
0
i have a customer who needs to have emails coming into their server via two WANS right now. long story.
i have set up their lease line in and everything works fine. and connected their adsl both to a dreytek 2830. i have configured load balancing so that all outbound traffic goes over the lease line. port 25 is forwarded to thier server listening on both #WANs however it only works over the lease line. if i try  a connectivity test on the domain using the ADSL line it fails connecting on port 25.
what am i missing?
0
I have a cyberoam backup file in the form .config file extension. I want to view it in a human readable text that i can compare with others and document. What can I do to have that.
0
I have fortinet 600C with WAN interface connected to AT&T router (1 GigE). We are in process to upgrade AT&T MIS circuit from 1Gig to 10Gig. The speed is going to be throttled to 2Gig. What are my options with Fortinet 600C to get 2Gig link speed? Do we have to get two cables going from AT&T or we have to replace the fortinet? What is recommended or what should we do?
0
I have a cisco ASA 5505 firewall.  I allow RDP thru to an inside address server.
Is there a log I can view to see what ip came in through with proper user and pw.
0
hi guys

Our consultant teams have run a report for security and a good 10 people's email addresses are available on the dark web. What is the best practice from here for better securing ourselves? Change of password? 2 Factor Authentication for OWA?

Thanks for helping
Yashy
0
Hi Sir,

Would like to ask for your help about the problem listed below,

[Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xccb797a8) not found (maybe expired)

Hoping that you can help me resolve this matter.


Thank you in advance.
0
I would like to separate hard wired connections from wifi APs.  The purpose is to separate traffic and assign separate class c subnet to each group.  

Equipment used
Watchguard firebox
Qty 2 Uniquiti 24-port Poe+ 500 watts
Qty 10 Uniquiti HD access points.

Separate subnets for each group:

Hardwire users
10.1.1.1/24 on port 1 of Firebox with dchp turned in - hardwired - connects to first Uniquiti switch.  

Wifi access points
10.1.1.2/24 on port 2 of Firebox with dhcp turned on -  WiFi access points - connects to Second switch.

Problem
The second Uniquiti switch that connects the hardware connections  - port 1 disconnects or the ubiquity access points will start missing heart best and disconnect

 Firewall policy set to  any traffic can pass between the the Firebox interface ports 1 and 2.  Ping traffic passes from and to sinners with issue.

If all the devices / hard wire and access points and the two switches - are put into 1 single subnet - no issues.  

Comments would be appreciated.
0
On Demand Webinar: Networking for the Cloud Era
LVL 9
On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Residential account installed a server and SonicWall. Haven't asked Spectrum if commercial account is an option and prefer not to.

Ubee router, according to Spectrum is in gateway mode, meaning all data is passed onto the SonicWall. Problem is SonicWall will allow network for awhile however the Ubee device acts as if it competes the only way to get it to work again is by resetting. When this happens it appears the Ubee modem resets and is no longer in gateway mode. According to Spectrum a soft reset should not allow gateway mode to be removed.

Anyone know the best way to configure Ubee Spectrum cable modem to a SonicWall? Does Spectrum offer a better modem option, Ubee seems to be extremely limited.

Thank you.
0
First off let me start with I work with a school system, so I do the bare minimum w/ ASA configuration.

Apparently, different services/companies are starting to use systems w/ CDN so IP addresses change and I can no longer just white-list IP w/ ports. I have to do URL w/ ports. (URL filtering?)

I've been doing my research but having a hard time understanding how to get this all setup. I have a Cisco 5525, and manage it was Cisco ASDM 7.1, I went into -> URL Filtering Services -> selected "Secure Computing SmartFilter Port: 4005" Servers are set to: Inside my internal DNS server, timeout 30, protocol TCP and TCP connections 5.

I haven't done anything else..  I need help, Do have to configure anything on my local DNS? Where to I add the URL's ?
Any help at all is very greatly appreciated and thank you in advance!
Best,
Ron
0
as in my scenario our fortigate is configured for ssl VPN but the problem is it can connect but is not able to access the network resources and is unable to ping any internal network servers or switches.
0
Hello,

I need to configure a site to site VPN between 2 sonicwalls. I need to allow subnets 10.1.10.10. /24 (LAN) and 10.1.10.20 (WIFI) interfaces over the tunnel to the other side and vice versa.

Whats the easiest way to acheive?
0
I would like to understand the difference of persistent connection and keep alive. Is it only applicable to HTTP protocol? Thanks!
0
Hi All,

We got Linksys LGS552p switch, and TZ400 Firewall.
behind a "AT&T Modem"  , but we have external IP for the TZ 400.

I need to setup VLANS, 90 for workstations, 20 or servers and 50 for voice.

am I missing any hardware to route between the VLANS?
where should I start with first?


thanks
Jason
0
We have two sites each with a SonicWall on the perimeter.

I have written out the site settings for each location.  In the document I have prepared they are referred to as Main Site and Remote Site.
Every now and then the VPN will stop working.  We go in and check it, change nothing then check the other end, check and change nothing, then at some point it will start working again.
We could be down for a long as 30 minutes.  We are getting frustrated with SonicWall support as they cannot tell us what is causing this problem.    

Would anyone be able to review our setting if I attach them to this question?
Is there an alternative to VPN?  

HELP!

Kevin
0
I am setting up my hardware firewall to issue DHCP IPs and associated DNS servers (8.8.8.8) instead of having my Windows 2012 R2 server do DHCP

 1. What method do you recommend I use when decativating DHCP on my Windows 2012 R2 server ?
         a. stop the DHCP service OR
         b. uninstall the DHCP role OR
         c. click "Deactivate" via the DHCP console like https://technet.microsoft.com/en-us/library/dd183590(v=ws.10).aspx talks about

 2. Do I need to do a release/renew on all non-static devices (i.e. a few switches, a few PCs, etc) after doing this so my firewall does not issue IPs that were already issued via the Windows 2012 R2 and have leases that are not expired yet ?

 3. Anything else I need to know ?
0
Hey all, i have an issue that external calls has noise, delayed audio from the external side. Internal calls are fine.
We recently changed from the Telstra supplied modem to a Draytek Modem. All ports have been opened up the same as they were on the Telstra one, all lines and SIP registered straight away, however i have not been able to resolve the noise.
As Draytek have alot more advanced firewall settings, QOS, I'm not sure what feature / settings i need to change to test.
We are running freepbx 2.11.

Thanks
Matt
0
Free Tool: ZipGrep
LVL 9
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Hello,

Trying to create a Site to Site between our TZ215 and Azure:
VNET1 - Address Space     = 10.1.0.0/16
               Subnet  range      = 10.1.0.0/24

GatewaySubnet                  = 10.1.1.0/24

Virtual Net Gateway           = VPN
                                               = Policy-based
                                               = VNET1
                                               = VNET1GWIP  (created Public IP)

Local Net Gateway             = RP_OFFICE
                                              = Public IP address of SonicWALL
                                              = 192.168.250.0/24 (LAN network on SonicWALL)

Connection                          = Site-to-Site (IPsec)
                                               = Virtual Net Gateway
                                               = RP_OFFICE
                                               = Shared key that matches what's configured in the SonicWALL

SonicWALL:
 General Tab                         = Site to Site, IKE using Preshared , IPsec Primary = Public IP of Azure, IPsec Secondary = 0.0.0.0, Local & 
                                                   Peer IKE ID = IPv4 address
Network Tab                         = LAN Subnets, Azure LAN network
Proposals Tab                       = Main Mode, Group 2, AES-256, SHA1, 28800, ESP, AES-256, SHA1, 3600
             
Seeing the following in the SonicWALL log:
  SENDING>>>> ISAKMP OAK INFO …
0
There are two sets of Sonos one on the main network and anther on the guest network.

Do I need to get anther bridge/ adapter for the guest network ? the main has one.
0
My Sonicwall has blocked access for several website but I can't any log inside my Sonicwall. Any idea ?

CFS Block
CFS Log
0
I have custom the CFS URL filtering on my new Sonicwall TZ300. It works fine from LAN to WAN.

Try to customize the same setting from my WLAN to WAN but it doesn't block those prohibted URLs as expected. Any idea ? Is there a place in Sonicwall to check where it is passed or blocked ?

Thx

CFS
0
Hello,

I have an ASA 5525X and have been asked to dedicate a portion of the bandwidth for our lead physician. We have a 100MBps pipe and she would need 30MBps dedicated for her use only.

How do I do this? Step by step instructions and commands would be very helpful.

Thank you in advance.
0
Hello,

If I have ASA active/standy and I want to upgrade the iOS version on the primary, do I need to also upgraded on the standby or will it do it on its own.
0

Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.