Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x

Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Share tech news, updates, or what's on your mind.

Sign up to Post

We currently have a fairly simple set up, we have ONE public Web Server IP.   Our In/Out path is ISP line to our Cisco ASA/Firewall to our Host Server.    We use Static IPs from the ISP.   Our objective is to achieve highly reliable access to our Web server.  

We are looking at solution such as DNSMadeEasy + DNS Failover.  

Would the following plan work?
1) We'll acquire a new ISP #2 service as backup for our ISP #1 service.
2) We'll acquire a new Switch. On site our location we'll plug the two lines from ISP #1 and ISP #2 into the new Switch.
3) Run a single line from this new switch into our existing CISCO ASA router, and add configuration rules to Cisco for the new source IP addresses to mirror the rules already there for NAT, port forwarding, etc.

Any recommendations would be appreciated!
0
Who's Defending Your Organization from Threats?
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

0
Hi Guys,

We have an IP block from the ISP
Thus a couple of public IP's assigned, example:
196.31.231.80
196.31.231.81
196.31.231.82

Our NAT policies on 196.31.231.80 over X1 interface is working well.

I've been trying to setup additional NAT policies on 196.31.231.81, but experiencing a connection issue.
Which brings me to the following questions:

1.  Is it necessary to setup a Virtual Interface for 196.31.231.82 on X1?
(255.255.255.0)
Or could the NAT rules simply refer to X1?

2.  I tried setting up a Virtual Interface on X1 for 196.31.231.82, but it complains about the same subnet used,
What should the subnet for the Virtual Interface be?
0
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
hello,  i want to use two different isp on sonicwall equipment, i want one isp as primary and the other as back up, i want it to switch automatically when the primary is down
0
I have a mail server on the inside of my network, I have established all of the ACL's and NAT Statements on the ASA and traffic is flowing correctly inbound. However when the mail server sends traffic outbound ( to external networks) it uses the ASA Primary IP on the outside interface. I would like to force the outbound traffic to external networks to use a particular IP Address (the one that is NAT'ed) for SMTP. As the NAT Statements are already in place and functioning is this a matter of using an extended ACL? If so how should it be constructed? Thank you in advance for the assistance.
0
Hello everyone,
A client of mine is having an issue with their wireless.  They have been reporting that the passwords were getting rejected so I updated the passwords and then the same thing.  I have tried rebooting it, which normally used to fix these issues but now does not.  They have two ssids, one for employees and one for guest and they are configured in a virtual access point.  There are no more firmware upgrades for this model, my next step would normally be to upgrade the firmware.  We have recommended upgrading this Sonicwall as it is no longer supported as well as having a separate access point in the past.  I honestly think that this would be the only solution at this point, but out of good customer service I am reaching out to you guys to see if there is anything else that I can try.
0
Hi Here is Opengear IM4216. I could not find relative document on it. Is it layer2 or layer3 device? What kind of device is it? Thank you
0
Hi
I'm deploying sonicwall cert from a firewall to all my windows clients.
The certificate has been distributed by GPO.
I'm having a problem with java apps (idrack) which can't connect.
I've imported this to my java store but the same issue appeared.
Eventually I will need to distribute this to all my Win and Mac clients.
0
I have an SBS 2008 Domain.  I have added an additional server.  Internally, I can access the new server via RDC.  When attempting to access the new server from outside the network it will not connect.  In my firewall/router I have redirected terminal services pointing to the public static IP address of the new server to the private IP address of the server and kept the 3389 port (for now).  Will not connect.

What am I missing????
0
The Firewall Audit Checklist
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

I need to add one of our vendors IP's to our Sonicwall so they are not blocked.

How?
0
HI
I'm just implementing a DPI inspection and I've download a key from my sonicwall firewall.
This cert. has been distributed to my PC over GPO.
How do I distribute the same cert to my MAC clients  ??
0
Dear Sirs, i have configured an ASA 5510 with 4 interfaces (Outside, DMZ, Inside, Branch_Offices). On my DMZ I have 3 servers: DNS, Mail and Web, but i don't know how to do that (Now i have traffic from outside to a unique server in the DMZ. I need from outside can get into the website and send emails to people into the inside. I have traffic from inside and dmz to outside

Here's the configuration:

: Saved
:
ASA Version 8.2(1)
!
hostname ASAFCHFW
domain-name MYDOMAIN.COM
enable password kFJzUkFi3silH1Ye encrypted
passwd PVSASRJovmamnVkD encrypted
names
name A.B.c.d BCP description BCP
name A.B.0.0 Linkser description Linkser
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.y.z.131 255.255.255.240
!
interface Ethernet0/1
 nameif Branch_Office
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 10
 ip address 172.16.31.1 255.255.255.0
!
interface Ethernet0/3
 nameif Inside
 security-level 100
 ip address 192.168.0.2 255.255.255.0
!
interface Ethernet0/3.1
 description Inside
 vlan 1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3.2
 description ServerFarm
 vlan 2
 nameif SvrFarm
 security-level 100
 no ip address
!
interface Management0/0
 nameif LinkserNet
 security-level 100
 ip address 172.16.6.2 255.255.255.252
!
!
time-range ilimitado
 periodic daily 0:00 to 23:59
!
banner exec # WARNING!! Unauthorized …
0
Uverse: 195.10.10.105
Sonic Wall TZ300w: 195.10.10.106 (gateway address: 192.168.1.1 for private subnet over x0 lan port)

I want to setup a guest wifi channel on the sonic wall that has no access to the 1.1 network
Then, I want to setup a hidden wifi channel on the sonic wall that has access to the 1.1 network.

Should I setup vlans for this?

vlan 1 - default  - guest wifi
vlan 2 - private subnet assign to 2nd wifi channel.

I would like to set this up all behind the sonic wall, but If I can't have 2 channels, I suppose I can set a guest network up on the ATT router, although I would rather not do this.  

Could someone walk me through the sonic wall setup?
0
What's the effect of turning on / off NAT in the Fortigate Policy ?

If NAT is on with "Use Outgoing Interface Address" , which IP address will be used for translation ? Will it translate original source or destination IP address in the packet ?

Thx.
FortigateNat.png
0
1. What's the difference between the two commands below ?

       diagnose debug flow filter addr 192.168.99.121
       diagnose sys session filter src 192.168.99.121

2. What the meaning for the command line below ?
       diagnose debug flow trace start 100
0
In an office I maintain, we have about 10 PC's running Windows 10. After a windows update, the clients are unable to resolve external host names. It appears this issue arose after the Fall Creators Update.

-The workstations are able to ping an external IP but they cannot ping an external host name (www.google.com), even when configured statically to use google DNS.

-Windows seems to leave with with no option to roll back the creators update.

-The warehouse PC is not on the domain, and has no issues even with all of the latest updates.

-After a reboot, the user's can browse the internet and outlook will connect to exchange for about 3 minutes before they go back to having the same issue

On the Client PC I've tried:

Malware scans and Windows Defenders Scans: They show my computer is not infected.
Completing remaining updates > no change
Flushing DNS > no change
IP Release/Renew and netsh int ip reset > no change
Noticed IPv6 was enabled, tried disabling it > no change
Changing to Google's public DNS  > no change
Reinstalling NIC driver > no change

I'm not really sure if this is an issue with the MS update on each machine or something on the domain that is not meshing. I was relieved that I still had the failure with the PC using google for DNS thinking my server is not at fault, however it bugs me that the non domain PC has no issues.

Where can I troubleshoot next?
0
Hi, I used these settings for my Sonicwall router smtp delivery but they dont work for the HP MFP

Mail Server:  outlook.office365.com
admin@domain.com\password

STARTTLS

SMTP PORT 25

AUTHENTICATION METHOD: Yes

SMTP Failure
0
I have an ASA 5505 running an old OS:

ASA 8.2(5)
ASDM 6.2(5)53

I have downloaded:

ASA 9.24
ASDM 7.82

Which I believe are the newest support OS for the ASA 5505.  Is there an upgrade path or can I just upload the bin files and assign them to be used and reboot?

Thanks in Advance
0
The Lifecycle Approach to Managing Security Policy
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

My server load averages are going way high and too many processes are being consumed. Is it a DDoS attack or something wrong with the server?
Screen-Shot-2018-01-02-at-14.54.13.png
0
I have been trying to work with Sonicwall support on this issue and have made no progress.  We have been using the appliance in the past with split tunnel enabled but, due to security requirements, we can no longer allow split tunnel.  If we turn it off,  remote users can access internal resources we have configured, but cannot access anything on the Internet. It seems that we need to create a resource which is "anything" on the Internet but we don't know how to do that. We don't see any kind of wild card options.  We have not given our users access to "Any" resource.  We need to specifically define the resource they have access to.  We need an "Internet" resource and then we can give them access to that.  Is this possible.  Or, is there some other way to approach this?

Sonicwall support had us upgrade the firmware to 11.40-468 with the 708 hotfixes but that did not create an options for resolving this requirement.
0
We have a connection to the Internet and now we just added another Internet connection. We want to use the new Internet connection just for Office 365. I am not sure how to go about doing this as I have a default route from my core to the FW and then from the FW to the provider router. So currently all Internet connection, including O365, is pointed to the default route and there is nothing going out of the the new Internet connection.
We have a physical connection from the provider to the FW, then from the FW to the core switch.

Any thoughts? Thanks
0
I currently have a SonicWALL TZ 200 configured with WAN connections on 2 interfaces. I recently purchased a HughesNET satellite connection and I want hook this up to the SonicWALL (And add it to the failover/load balancing). However, once I received the Modem from HughesNET (HT2000) I learned that it does not have a "Bridge" mode built into the router. I cannot disrupt my current Subnet (needs to stay the same). Does anyone know if there a way to configure the interface for the modem/router combo into the SonicWALL so it will work properly?

Thanks in advance.
0
I find that a ping can't be passed through from one zone to another. Turn on the Fortigate debug and report the followings:

2017-12-29 18:30:34 id=20085 trace_id=9 func=init_ip_session_common line=5519 msg="allocate a new session-00025aa1"
2017-12-29 18:30:34 id=20085 trace_id=9 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-192.168.2.25 via lan"
2017-12-29 18:30:34 id=20085 trace_id=9 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"

"Denied by forward policy check (policy 0)" - Do can I check which policy 0 in Forgiate it is referring to ?


Thx
0
Desktop:Windows 8
VPN connection: Forticlient 5.6 or Sonicwall Netextender 8.0 used to connect to office network
Telus internet connection
Browser: Chrome, Firefox
Situation:
1. Telus internet connection works fine.
2. Without VPN connection, Chrome and Firefox access internet is normal, .
3. With VPN connection, Chrome works fine, only Firefox is very, very slow.
4. I turned off Firefox proxy server setting, Firefox works fine about two days then slowly again
5. Computer found unnormal login script error message, seems has malware in it.

Question:
How to block firefox access internet through VPN connection before I find a way kill the malware.
0

Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.