Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

I have installed a new RV340W router and have no problem connecting outside routers with VPNs except for one router. It is a FVS318v3 and it will establish Phase 1 but says Phase 2 is idle and won't connect or transmit any data. Any help is appreciated. Thank you.

Hi All

I have a couple of clients with SonicWALL TZ 300 routers, and am considering having them purchase SonicWALL’s Capture Advanced Threat Protection because it seems like a damn good idea! As I understand it, it's a cloud-based sandbox system.

Would appreciate hearing everyone's thoughts, concerns or experiences with the product or similar products.

Thank you!

Mark
0
I have not been able to verify that logs are being received on the CentOS 7 server using rsyslog.

Firewall has UDP 514 open and listening, same set on the Cisco ASA.

Cannot see why it is not working. I do sh logging and it shows how many TX are being sent via the trigger, but I cannot find them on the rsyslog server.
0
Hi Guys,

I had to switch our two WAN interfaces on the SonicWALL (thus X1 & X2).

1.  I switched the public IP configuration under Interface Settings
2.  and changed all the NAT policies, switching X1 & X2 for all rules


My questions,

a.  Is there any other rule(s) that need to be changed to switch primary internet access for LAN users between X1 & X2?

b.  I've noticed that some NAT rules refer to an "address object" rather than the interface (X1/X2) directly.  
These I did not change as the object's public address was still correct.  Is there a difference in referring to the interface (X1/X2) directly, or using an object instead?  
In my case, where I had to switch X1 & X2 ... the rules with objects made things a bit easier as it stayed the same.  Is this the only difference using an object or referencing to the interface directly?
0
In the example below, the Juniper firewall has heard from two WAN routers of a default route via OSPF.
It seems basically happenstance that 13.79.23.63 is the preferred default route. What could I do on the Juniper to make 13.79.23.63 always and purposely be chosen over the .62?

myjuniper> show route
0.0.0.0/0          *[OSPF/150] 1w6d 16:05:01, metric 26, tag 0
                      to 13.79.23.62 via reth0.0
                    > to 13.79.23.63 via reth0.0
0
I have 2 buildings each with their own ISP.  They both have ASA 5506Xs.  The switches are L2 only and there is no router on site.  Both buildings are connected via Fiber and each building is on a separate VLAN.  

Currently there is a VPN tunnel between the 2 LANs.  I have been asked to attempt to use the ASA to route between the VLANS.  There is a great instruction for this in another post and I have the ASA routing traffic between the VLANS (same-security inter and intra interface and the NAT exempt statements)

The problem is that the ASA seems to be blocking replies where it was not aware of the request.  For instance, an Echo request is allowed through ASA 1 (10.10.10.1) from 10.10.10.10 to 10.20.20.20.  10.20.20.20 sends the reply to its default gateway (ASA 2 [10.20.20.1]), which is unaware of the echo request and therefore seems to be blocking the echo reply.

My question is first if my assumption is correct as to the cause for the traffic being blocked and second, how to exempt the traffic between VLANS from SPI or otherwise solve this problem.
0
We have a Sonicwall TZ205 and set up a VPN using the Sonicwall VPN client.  It connects fine and puts us on the network fine.  The problem we have is our Shoretel phone system was a pain to set up, so we have DHCP enabled on the Sonicwall and we put all of our desktops on static addresses using the server as DNS.

When the machine connects and gets the DHCP info, it gets the WAN DNS and not the DNS of the server so the programs the user has icons for on the desktop are not working.

I went into the adapter settings under network settings on the Global VPN client adapter and set a static IP with the DNS of the server.  It worked fine the other day and now the user is getting an error, Received invalid ID information notify then it goes to "Starting ISAKMP Phase 2 negotiation, starting quick mode phase 2 exchange, then errors again with Received Invalid ID information notify".

When I go back into the Sonicwall VPN connection Properties and go back to the Static IP, the gateway is blank.  I can reset it and every time it goes back blank after trying to connect.

Is there a setting I need to change somewhere in the Sonicwall for this static config to work correctly?
0
This is a question about Internet outage at a client today.  Up front:

1. I decided to ask a question instead of writing an article: My choice.
2. I rated it high priority even though I know the answer to provide incentive for experts to answer.
3. I do not want and will not accept Googled answers. I already know how to use Google. Use only your own words, skill, knowledge and experience.
4. I could not find a solution here but that does not mean there isn't one.
5. I will select the first two best answers: 1,500 points each.

Background. My client downtown for which I do the Financial Consulting work. I went there this morning and Internet was just fine from 8:00 am to about noon when it went "thud" and was gone. Normally that is external, I hooked up my Rocket Stick to finish a few things, and asked the Office Administrator if she had called the ISP. She was on the phone to them. Everyone has no internet so no (hosted Exchange) Outlook email, but servers and printers are running.

Hookup:  ISP modem, business internet, 6 static IP addresses allocated. At this point, one IP for office, one IP for Wireless Guest access (no access to servers or network), and one IP for wireless POS solution for our ticketing system.

The modem is attached to an ISP Cisco 891 (?) box, which lashup is to provide high speed internet to the office. Hooked to this is a Juniper Netscreen VPN router / firewall. Hooked to the Juniper are a couple of HP Switches to …
0
Client has small NT network with 1 SBS 2011 server as AD, FS, everything (Exchange disabled - use Office 365 now). Remote employees access the Shared files thru https://mail.xxxxxx.com/remote. Upgraded firewall from a Sonicwall TZ105 to a Draytek 2960. I have opened ports 443, 987 and 1723 and we still can not get into the Remote Web Access. What step am I missing? Thx for your help.
0
Hello - we have Microsoft troubleshooting a DHCP-related case for us, and they're seeing traffic coming from an IP address that is tied to our ASA gateway firewall.  There are 2 subnets going thru our network, so there are 2 gateway IPs associated with our firewall - 192.168.1.254 and 192.168.5.254.  They're asking for the MAC address of the 192.168.5.254 IP.  How do I find this?  I'm trying Experts Exchange to see if it's faster than asking Cisco.  I've Googled it for 15 minutes and am not finding the answer so far.

thanks!

One of the companies I support has their SonicWALL firewall issuing the DHCP server addresses to the Windows 10 client computers.

I recently installed two physical Server 2016 servers and am now being told that it will be better to move the DHCP role from the firewall to the servers.

Some people have said that it is best to have the SonicWALL TZ600 router assign the DHCP addresses in case the Server 2016 servers go down.

The Server 2016 servers are only being used as domain controllers and for group policy for the Windows 10 client computers. The security settings are such that if the domain controller can't be reached the users can still logon to their Windows 10 computers. This organization has all of their files saved in the cloud and the servers aren't used to store anything.

The servers and network printers are all using static IP addresses.

What are the advantages & disadvantages of having the Server 2016 servers assign the DHCP addresses instead of the SonicWALL hardware router?
0
An organization I am consulting for would like to monitor and record their employees' internet activity using their SonicWALL TZ 600 firewall.

Is there any way of doing this?
0
I am looking for any software appliance for Sophos XG.

I need it to practice with the Sophos firewall.
0
I've been using the TotalSecure subscription for SonicWall. They also have TotalSecure Advanced. I was wondering if it justifies spending the extra money on it or if I should just stick with TotalSecure.
0
We have a shared DR site with our parent company and we are currently on the same subnet (192.168.200.0/24).  Both of our production sites are in separate physical locations with a point to multi-point metro-ethernet link between the sites.  I'd like to segregate our servers from the parent company and place them on a separate subnet at the DR site.

I'm including the config below that is relevant to my situation.  My production site is "Switch 1", the DR site is "Switch 2" and the firewall is at the DR site.  

At the DR site, I can either use the switch for layer 3 by configuring an IP (192.168.206.1) on interface vlan 206, or the firewall using 192.168.206.254.  My thought is that it would be more secure using the firewall, I'm not really seeing additional latency.  If I use the switch, I would need vlan 206 to use a different default route than vlan 200, which I don't think is possible.  Our parent company will remain on the 200 VLAN using 192.168.200.0/24.  My question is, I have it working using the firewall for routing as the default gateway of my servers on vlan 206, but am I configuring this in the most ideal way?  Thanks.

Switch 1 (Production site)

interface Vlan210
  ip address 192.168.210.2 255.255.255.0
 
ip route 192.168.206.0/24 192.168.210.1


Switch 2 (DR site)

interface Vlan210
 ip address 192.168.210.1 255.255.255.0

interface Vlan206
 ip address 192.168.206.1 255.255.255.0

interface Vlan200
 ip …
0
How do I change a Public Network to Private? Windows 8.1 and 10.

There is no ability to Make this PC discoverable.

Thanks.
0
Hello
I have purchased a second-hand ASA and am trying my first config attempt. I was wondering if an expert could check over it and advise if it looks OK or recommend any changes.

I will be connecting a modem to a VDSL connection and placing it into Bridge mode so the ASA will be the main gateway to the internet for my home/lab. I don't need DHCP internally as I have a DHCP server internally for devices. I also have a Static IP address from my ISP.

Appreciate your assistance.
ASA-config-EE.txt
0
Hello:
We are using a Sonicwall TZ 205 firewall behind a Barracuda Link Balancer 330. I have two ISP connections coming into the Barracuda (Sprint and Comcast). I have 5 public IPs from each ISP. We currently have the following servers behind the firewall (Exchange 2013, Microsoft Remote Access for VPN and an ISeries database server) that are accessed using the Sprint public IPs.

Internet ---Sprint Router (65.xxx.xxx.17)

Internet ---Comcast Router (173.xxx.xxx.142)

                  |
Barracuda Link Balancer 330 (65.xxx.xxx.18 and 173.xxx.xxx.139)
                  
                  |
Sonicwall TZ205 (65.xxx.xxx.20)

                  |
Internal Servers

In the Sonicwall, the Sprint public IPs are all NAT'd to the internal private IPs.

I would like to set up some inbound redundancy for these servers by mapping them to some of the Comcast public IPs. The Barracuda has only one connection to the Sonicwall, so I don't know if I need to add another physical interface to the Sonicwall on interface X2 and configure it with the Comcast information and then put a switch between the Barracuda and Sonicwall. I know how to set up the DNS records to check if one line goes down, but I am unsure as to the physical connections.

Thank you.
0
I have a SonicWall set up to accept VPN connections. I am using the SonicWall App to connect to my network. No problems connecting, I get the app to connect. My issue is I want to be able to browse and open file shares from the server. I have been trying the File Browser Biz app. I am unable to get it to see any shares on the network. Anyone have any ideas on how to get this to work or another route to take to be able to browse and open files?

I have two Cisco ASA firewalls (5520 and 5506) that used to be connected by an ezvpn tunnel. Now I've set up a site to site, the tunnel connects, by machine name I can get from Site A (5520) to Site B (5506) but I cannot ping from a Site A vlan ip to a Site B vlan ip. Neither network appears in the other ASA's routing table.

The Site A firewall also has several ezvpn's running through it just fine. I need some help troubleshooting why I cannot ping from ip to ip.

Sanitized configs follow:

Site A-
ASA Version 9.1(3)
!
hostname SITE-A-FW
domain-name COMPANYNAME.com

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address <SITE A OUTSIDE IP>

object network SITE-B-LAN
 subnet <SITE B NETWORK>

object-group network SITE-A-LAN
 network-object <SITE A NETWORKS>

access-list SITEA-2-SITEB extended permit ip object-group SITE-A-LAN object SITE-B-LAN 

nat (inside,outside) source static SITE-A-LAN SITE-A-LAN destination static SITE-B-LAN SITE-B-LAN no-proxy-arp route-lookup

crypto map VPN 80 match address SITEA-2-SITEB
crypto map VPN 80 set peer <SITE B INTERNET NEXT HOP> <SITE B OUTSIDE IP>
crypto map VPN 80 set ikev1 transform-set aes256set

tunnel-group <SITE B OUTSIDE IP> type ipsec-l2l
tunnel-group <SITE B OUTSIDE IP> ipsec-attributes
 ikev1 pre-shared-key *****

router eigrp <EIGRP NUMBER>
 no auto-summary
 <SITE A FW NETWORKS>
 redistribute static



Site B-
ASA Version 9.7(1)4
!
hostname SITE-B-FW
domain-name COMPANYNAME.com


0
I am hitting a mental road block here. I am needing to configure a TZ300 for Virtual Office access. I have a Comcast business router with an ip. How do I set up my WAN interface for access? I have the LAN setup 192.168.1.1/24
0
Hello Experts,

I would like to change my current (route outside 0.0.0.0 0.0.0.0 64.64.64.230 1) outgoing internet traffic through different interface  (route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2)


route outside 0.0.0.0 0.0.0.0 64.64.64.230 1
route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2
route dsl2 0.0.0.0 0.0.0.0 172.16.17.254 3

I tried unplugging the outside interface hoping internet traffic would go out the other interfaces, but it did not, so maybe I am overlooking something. I thought that since they have 1, 2, 3 after each route, it is supposed to go out other interfaces if it fails on the first one.
Please note I can only use SSH to make changes, no ASDM.
Please provide an exact step-by-step solution. My PIX knowledge is very limited.
Running Config Attached
Thank you
Running-Config-temp.txt
0
I have a Cisco ASA 5525-X with a static IP on the primary WAN interface, G0/0.  I also have an internet connection on interface G0/4 I'd like to use as a backup internet connection.  But this interface gets its IP and gateway via DHCP.  How do I configure route tracking when there's an obtained default route used on the backup line?

Thanks!
0
I have an office with a single internet connection and they are running a Sonicwall NSA220.  The connection comes in on a single CAT6 cable through the wall (no DSL or cable "modem").

My IPs are xxx.xxx.xxx.10 and xxx.xxx.xxx.15.  I have .10 configured on interface X1.  It is used in a site-to-site VPN.   I'd also like to use .15 in the same site-to-site VPN.  Yes, I know this is weird, but in this case, .10 is blocked (for now) by the Chinese firewall.  So I'd like to have both .10 and .15 used in the same site-to-site connection.

I don't think I can do the normal procedure for handling second IPs by NAT'ing them, since I don't know where to NAT them to.  Obviously I cannot have this second connection come through to X2 or X3.  I can't seem to create a virtual sub-interface under X1 since the IPs are in the same subnet.

What can I do?
0
VPN literally just stopped working for all of our users. No changes that I am aware of. Simple MS VPN connection to a VPN server.

Server side error:
 VPN2-112: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.
PC/Workstation off Network connection error:
Error 619: A connection to the remote computer could not be established, so the port for this connection was closed.

Server-side:
Windows firewall and anything that could be blocking is off. I see the users hit the network via Firepower but then the "Error 619".
If I truly need to provide them with a workstation cert, how do I go about doing this, and efficiently, for several people?

TIA
0
