Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Hardware Firewalls





Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi Guys,

We have an IP block from the ISP
Thus a couple of public IP's assigned, example:

Our NAT policies on over X1 interface is working well.

I've been trying to setup additional NAT policies on, but experiencing a connection issue.
Which brings me to the following questions:

1.  Is it necessary to setup a Virtual Interface for on X1?
Or could the NAT rules simply refer to X1?

2.  I tried setting up a Virtual Interface on X1 for, but it complains about the same subnet used,
What should the subnet for the Virtual Interface be?
Who's Defending Your Organization from Threats?
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Hello everyone,
A client of mine is having an issue with their wireless.  They have been reporting that the passwords were getting rejected so I updated the passwords and then the same thing.  I have tried rebooting it, which normally used to fix these issues but now does not.  They have two ssids, one for employees and one for guest and they are configured in a virtual access point.  There are no more firmware upgrades for this model, my next step would normally be to upgrade the firmware.  We have recommended upgrading this Sonicwall as it is no longer supported as well as having a separate access point in the past.  I honestly think that this would be the only solution at this point, but out of good customer service I am reaching out to you guys to see if there is anything else that I can try.
Hi Here is Opengear IM4216. I could not find relative document on it. Is it layer2 or layer3 device? What kind of device is it? Thank you
I need to add one of our vendors IP's to our Sonicwall so they are not blocked.

I'm just implementing a DPI inspection and I've download a key from my sonicwall firewall.
This cert. has been distributed to my PC over GPO.
How do I distribute the same cert to my MAC clients  ??
What's the effect of turning on / off NAT in the Fortigate Policy ?

If NAT is on with "Use Outgoing Interface Address" , which IP address will be used for translation ? Will it translate original source or destination IP address in the packet ?

1. What's the difference between the two commands below ?

       diagnose debug flow filter addr
       diagnose sys session filter src

2. What the meaning for the command line below ?
       diagnose debug flow trace start 100
I have an ASA 5505 running an old OS:

ASA 8.2(5)
ASDM 6.2(5)53

I have downloaded:

ASA 9.24
ASDM 7.82

Which I believe are the newest support OS for the ASA 5505.  Is there an upgrade path or can I just upload the bin files and assign them to be used and reboot?

Thanks in Advance
We have a connection to the Internet and now we just added another Internet connection. We want to use the new Internet connection just for Office 365. I am not sure how to go about doing this as I have a default route from my core to the FW and then from the FW to the provider router. So currently all Internet connection, including O365, is pointed to the default route and there is nothing going out of the the new Internet connection.
We have a physical connection from the provider to the FW, then from the FW to the core switch.

Any thoughts? Thanks
I currently have a SonicWALL TZ 200 configured with WAN connections on 2 interfaces. I recently purchased a HughesNET satellite connection and I want hook this up to the SonicWALL (And add it to the failover/load balancing). However, once I received the Modem from HughesNET (HT2000) I learned that it does not have a "Bridge" mode built into the router. I cannot disrupt my current Subnet (needs to stay the same). Does anyone know if there a way to configure the interface for the modem/router combo into the SonicWALL so it will work properly?

Thanks in advance.
Free Tool: SSL Checker
LVL 11
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I find that a ping can't be passed through from one zone to another. Turn on the Fortigate debug and report the followings:

2017-12-29 18:30:34 id=20085 trace_id=9 func=init_ip_session_common line=5519 msg="allocate a new session-00025aa1"
2017-12-29 18:30:34 id=20085 trace_id=9 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw- via lan"
2017-12-29 18:30:34 id=20085 trace_id=9 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"

"Denied by forward policy check (policy 0)" - Do can I check which policy 0 in Forgiate it is referring to ?

Desktop:Windows 8
VPN connection: Forticlient 5.6 or Sonicwall Netextender 8.0 used to connect to office network
Telus internet connection
Browser: Chrome, Firefox
1. Telus internet connection works fine.
2. Without VPN connection, Chrome and Firefox access internet is normal, .
3. With VPN connection, Chrome works fine, only Firefox is very, very slow.
4. I turned off Firefox proxy server setting, Firefox works fine about two days then slowly again
5. Computer found unnormal login script error message, seems has malware in it.

How to block firefox access internet through VPN connection before I find a way kill the malware.
I have a client that we support that just purchased a 10 person office across town and need them to connect to our office.  The 10 users will be connecting to our applications via remote desktop services (RDS server 2012 R2) at the main office.  I am looking for a router / firewall appliance that offers both site to site VPN and Client to site VPN.  My goal is to use a robust solution that offers support that I can easily setup and understand.  Some have recommended Sonicwall and Watchhguard, but their business strategy requires that I go through one of their partners - who may be in direct competition with what we do - provide IT support.  We simply want a solution that is under $1000 per appliance, easy to setup and logical and someone to help should we have questions.  We gave also looked at Barracuda networks as well.  But with any of these appliances, I need specific models to go with.

We will need the VPN for both the branch office we are connecting to as well as allow users from our current office to connect remotely from their homes.  So total # of VPN users could be 20 users.  Any guidance would be appreciated.
Don't get me wrong, I have 20 years IT experience and can configure most routers easily and have used Most in the past.  Just don't know the current offerings with subscription based / more robust VPN solutions.
Dear Experts,

I have configured vlan10 (untagged) using port1 with IP -, (could not enter

I have a Cisco router 4321 connected at port1.

I configured vlan3 (untagged) on my port8 to allocated port8 to my local network.

My firewall I added the static route -       

        a. Destination: (Client's FW)
      b. Device / Interface: LAB-LAN
      c. Gateway: (HP Switch)

But the FW is still not able to ping the internet
The Sonicwall OS is 5.x. This is just the base router, no extra licenses for IPS, malware etc... I recently setup L2TP VPN for a couple users - using long and complex Pre-shared secret and each have a very long and complex password... I have been blocking obvious attempts from just IP addresses trying to access a webcam port using the info I found on how to do that - but blocking an IP address from WAN  - doesn't seem to affect efforts of a couple outsiders trying to access via L2TP - I see the failed messages from the different stages... but they keep trying - and added their IPs to my 'Blocked IPs' address object group has no effect.
I want to be able to deny them access to even try to authenticate and get them out of the logs - like blocking IP addresses.
Anyone savvy on the SonicWALL as to how to prevent attempted L2TP connections from undesired sources? Is there a way to create access rules to block from L2TP to ANY or LAN, we have the network on the X0 interface.
My understanding is there is a VPN access list on the SonicWALL - but it does not apply to L2TP.
Thank you!
I have been informed by Spamhaus that the IP address we use for corporate email has communicated with a known spam site and is either infected by, or NATing for, a computer that is infected by the S_Gozi trojan / downloader.

It states that the infection is extremely difficult to detect and is not seen by most commercial AV or EndPoint protection suites.

I have been told to program the Sonic-wall TZ215 to stop all traffic to sites outside the US.  We have never done this before.  Not sure how to setup the sonic-wall for that purpose.  I know this virus does not use the standard port 25 for smtp traffic it uses port 80 which i cannot block.  It is extremely difficult to find so i am trying to stop its connections at the firewall level to stop it communicating.  Any help would be greatly appreciated.

I would like to setup my personal firewall directly to the Netgear DM200 ADSL Modem (in modem mode).

This would allow me to connect directly through VPN to my work ASA5510.


ADSL Phone line <-> ADSL filter/splitter <-> Netgear DM200 <-> ASA5505 <->BT HomeHub5

I have set the DM200 in modem mode with the username "bthomehub@btbroadband.com", i dont know the password or the Authentication method "PAP or CHAP or MSCHAP"

The ASA is also asking for an VPDN group which I have no details for....

The DM200 is working because I can access th einternet when connected to the LAN port when in Modem mode.


Ultimately i just want to securely VPN into my work ASA but it would be useful to implement the Firewall for all outgoing internet traffic instead of placing it behind the BT Homehub5 that im replacing .

I would really appreciate it if anybody could offer any advice or help.
Hello Experts,  

I have had issues for about a month now and I am grasping as straws here..  I have about 200 users and about 10 of them every morning have the firewall blocking them from getting to any websites (different users sometimes but mostly the same few running different versions of windows, 7, 8.1, and 10).  I go in and check the user status and I find them in the "Unauthenticated users" section and have this error:  Agent returned no user name
I can do a test via DC logs and Netapi/WMI and it always comes back fine.  After about 2 hours the user will "magically" pop into the firewall via SSO and be able to browse once again.

Now for the things I have done:  Updated both agents.  Created a new agent on a new server.  ( I have 2 agents )  Ran tests to verify DC logs, Netapi, wmi were all working when testing against the IP address of machine.  Turned local firewall rules on our domain network OFF via GPO.  

Sonicwall support has been ZERO help.  We have called them at least 5-6 times. Any help is appreciated.
This morning when I got to work a couple of machines could not access the internet, including my own. The only common thing is that they have all got static IP addresses for RDC connections.

main subnet =>
DHCP scope => -

my static IP =>

On the PC's which have a static address if i change them to DHCP everything works. If they are static they are not able to access anything external. Internal Sites work fine. DNS lookups work fine for both internal and external sites.

I have tried getting a dhcp address on my PC, then setting the exact same IP address manually and see the same restrictive behaviour. Everything was fine yesterday evening when we left, nothing has been changed. i cant see any updates have occurred. i have checked router settings and rebooted several times. still no joy.

Any Help would be appreciated.


Evaluating UTMs? Here's what you need to know!
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

I have several Dell SonicWALL's in service but with one of them,  a TZ205 wireless-N, I can't remotely manage the Sonicwall.  I can connect to all computers at this remote location from a VPN tunnel, Site to Site.  If I connect to a PC behind that SonicWall I can then connect and manage the SonicWall.  This is an extra step that I don't want to have to deal with.

I've compared settings to my other SonicWalls's but none are the exact same model.  As far as I can tell everything is the same.

What am I missing?

Was just wondering, what logging you enable on your ASA? I ma not sure what to send to my logging server.

Hello Experts,
I just installed sonicwall tz400w and everthing is going well except printer. Printer disconnect automatically after few minutes. I have to connect them manually again and again. I am using commercial printer by konica minolta and i use fiery app on Konica. Its working fine without the firewall.  Please help
First timer here with a Sonicwall Soho wireless. I want to integrate it into a network where currently Verizon FIOS is providing Internet connectivity to one Server and three Windows 10 Pro workstations. Server is the only DC.

I'm almost certain the Verizon router's IP is dynamic, but will check when onsite.

I am thinking that the Sonicwall appliance should be set up physically where I run a CAT5 from the Verizon Router's LAN port to the WAN port on the Sonicwall, and then from the Sonicwall's LAN port to the switch.

Is this correct implementation? Any insight would be greatly appreciated.

Verizon Actiontech RouterMI424WR
Sonicwall SOhO Wireless-N
DellServer 2008 set up as DC
3 Windows 10 Workstations
I have a rack with a VMware cluster, SAN, and 2 Dell n3048 switches.  The 2nd rack has all end point termination for fiber and network users with 2 n3048 switches.  Currently the 2 racks are connected with a cat 6 cable.  I'm wanting to change the connection to one of the 10gb fiber ports but curious what is the recommended method for connecting these switches with different MTU sizes?
Hi  all, please help me on this.
in the palo alto monitoring I see the ip is allowed by policy but the session end reason showing" tcp-rst-fromclient" means pls advice me this is the issue causing due to firewall denying or dropping traffic or issue on the client end.

Hardware Firewalls





Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.