Network Operations





Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.


Hello Everyone,

I have a SonicWALL NSA 3500 that I am trying to configure to open port 8000 for a Network Video Recorder (Hikvision). I want to port forward.  I created an object for port 8000 and then for the internal IP address that the recorder is going to use. I then went through the Public Server Wizard and entered the internal IP and then the wizard went ahead and added our WAN address and then created the inside, outside and loopback parameters.  For all intents and purposes this should have opened port 8000 once I went through the wizard.

Issue is when I try accessing from outside (or even inside my LAN network) using our WAN IP and then adding the 8000 suffix (x.x.x.x:8000) it's not reachable.  I believe I should receive at least a SonicWALL test page, correct?  Even if the device is not plugged into the switch yet I should still get something from the SonicWALL I believe.

Can anyone tell me if there is anything else I can do to make sure that port is open?  Web tests still say the port is closed.

Any help would be most appreciated!

I have configured UDP jitter SLA on my test lab. What do the below counters indicate of my connection? Why is there no latency numbers?
How am I supposed to read this?

ip sla 90
 udp-jitter 65050 num-packets 20
 request-data-size 100
 tos 128
 frequency 30
ip sla schedule 90 life forever start-time now

Test_Lab_Router_Place#sh ip sla statistics  de
IPSLAs Latest Operation Statistics

IPSLA operation id: 90
Type of operation: udp-jitter
        Latest RTT: 11 milliseconds
Latest operation start time: 12:03:15 cst Wed Feb 21 2018
Latest operation return code: OK
Over thresholds occurred: FALSE
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 9/11/17 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Source to Destination Latency one way Sum/Sum2: 0/0
        Destination to Source Latency one way Sum/Sum2: 0/0
Jitter Time:
        Number of SD Jitter Samples: 19
        Number of DS Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 0/2/8 milliseconds
        Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
        Source to destination positive jitter Min/Avg/Max: 1/3/8 milliseconds
        Source to destination positive jitter Number/Sum/Sum2: 5/19/119
        Source to destination negative jitter Min/Avg/Max: 


Hello Experts,

Our Main and Branch Office is connected via 30 Mbps MPLS IP VPN . The internet services are centralized at HQ. We have got two separate internet circuits at HQ dedicated for Business and HQ.
My requirements will be as follows as per the attached diagram
- Guest Internet traffic should go through via FW1
- Corporate traffic should follow default route  currently configured on L3 switch at HQ
- To configure Policing on Branch Office L3 switch. Corporate Traffic 20 Mbps and Guest Traffic 10 Mbps

I would appreciate any help and suggestions.

How's everyone's experience with Palo Alto Networks Premium support?  Do they pick up the phone 24/7?  How does it compare to Cisco SmartNet support?
We were on hold for a critical issue with pan for 30 min of elevator music.  By that time we figured things out and ended the call.  Doesn't look quick enough.

Anyone experienced the same or better?
Hello All,

I'm in need of some guidance regarding a new project I'm about to start. To give you a little background, I handle about 15 different clients. My largest client only has 3 servers and about 30 users. For the past 15 years I've handled very small businesses with one or two servers. The routine admin stuff for small domains.

This new project belongs to my oldest client that has started selling franchises throughout the United States.  They estimate about 30 new sites in the next 13 months. I have very little time to create a Network Operations Center. The company expects to add 30 sites a year or more to a total of about 300. So far 15 have been sold but construction will not start for another few months, so I guess this is really happening.

As you can imagine I'm a little bit out of my comfort zone.

My main question is how to handle the data. Right now we have 4 centers with a PDC and a BDC out of corp office. All connecting through vpn to corp to access files (mostly excel and word). Each center has 6 computers and all centers have about 25 MB of bandwidth. No real problems from about 10 years with this setup.

My intent is to build the infrastructure for 200 sites with 6 computers in each site. I want to divide the country into time zones and create a domain in each time zone. I was thinking a PDC and BDC per zone and VPN from each site. I know I'm really behind the times on a lot of this stuff and there might be a better way to handle this.  All …
If I want to measure how much bandwidth a data link is consuming I have to add the upload and download of the link?

How to setup up a new domain Controller.
I have been replacing antiquated equipment with unifi APs and switches.  I have a sonicwall that breaks my feed into 2 subnets.  One of them is content filtered for a school and the other is for church offices.  I would like to install a USG for the latency and throughput info, but can't seem to figure out how to get it to work without it interfering with SW or APs.  

Is there a way to do it?  I can buy another so that each subnet can have its own.  What I can't do is get rid of sonicwall or two distinct subnets as the school has to have the content filter and USG doesn't have enough of that capability.

I have changed IP and tried it on both subnets.  I have tried it before the SW and after.  I have adopted it, and it brings everything down.  I have adopted it and get caught in a provisioning loop.  It now shows managed by another device.

PS not an IT professional, doing this to save my school money and getting them the best technology possible!  So small words and simple answers please.  I have putty, but need step by step help
What is it and where is it used?
Where do I go within the SonicWALL TZ600 router interface to view which licenses have been purchased?
I have a client with a Sonicwall TZ 215  (SonicROM ) that is using a SonicPointN for wireless access. The SonicPoint is set up on physical interface X2 with a network and the X2 interface also has two VLAN Sub-Interfaces on it, X2:V18( and X2:V19 ( These VLANs are used to create the two wireless zones, one for Guest and one for employees. The customer now wants to add a remote lighting “Hub” that is manipulated via an Android or iPhone app. Even though the “Hub” is accessed via the internet, the initial setup has to be done with the phone app being able to see the unit on the same local network segment. Since the hub only has an Ethernet jack and the phone only has wireless, the phone and the hub need to be on the same wireless network. So what I am trying to accomplish, and can’t seem to get working, is to make the X3 interface on the Sonicwall be on the same VLAN Sub-Interface as the wireless access point. In this case that would be X2:V18. So to sum the whole deal up:  I need to get the X3 interface assigned to the same network ( and the VLAN Sub-Interface as X2:V18. I can’t seem to get it the way I need; no problem getting the X3 on the X2 network ( but not on the X2:V18. Any help would be appreciated. Thanks

Glenn Thibeault
Onsite Information Technologies
Appreciate step by step guide on how we can use Solarwinds to

a) issue commands in batch (ie to all the hundreds of servers & Cisco devices)
    & collect back the outputs all in one file   : I used to have one HP central management tool that could do this

b) the OS commands I plan to send out are:
   Windows are :  "hostname; wmic qfe list"
   Solaris are     :  "uname -a; showrev -p"
   Cisco are       :  "hostname; show ver"

Our MS SCCM is used for PCs only so can't use it
Hi Expert Team,

I need help to automate a SQL database alert generated from SCOM. We used to get an alert 'database backup should be performed' for SQL database servers. But in our project we have Always-on cluster (Mirror) database servers and database backups are performed on Primary database servers. But SCOM is complaining the same for secondary databases and many such alerts are generated from SCOM.  All these SCOM alerts we receive as incidents in the ticketing tool via Orchestrator2012. Our goal is reduction of such incidents. Therefore I want to automate this kind of alert to identify which is the primary database and trigger alerts only for primary database servers and not for secondary database servers. Is it possible to resolve within the SCOM console or can we do anything in Orchestrator2012?

Please guide me how to automate.

Thanks for support!!!
Dear Expert,

I will shut down my Checkpoint Firewall R77 and Hitachi San (model: HUS130). Could you please provide a startup and shutdown procedure for Checkpoint and Hitachi SAN manual. In addition, Will share your experience for shutdown /startup process. Thanks
There's request to open up ACL (audit command language) tool to Internet from an internal zone server (ie not in DMZ) for periodic licensing validation.

 if we go through bluecoat proxy, will it work & is this considered secure?  Or it's better this server is moved into DMZ (but this is not an option as this server's
IP will change & we have to unjoin it from AD as we don't have an AD in our DMZ or rather it's blocked)

 Planning to restrict to specific URL for outgoing only (or is incoming port required too)?
We have an ATT Arris 5268AC gateway that had dynamic IP internet service and was passing traffic flawlessly to a Sonicwall TZ400.  Last night traffic stopped being passed.  When connected directly to the gateway with an independent client (desktop) we can get WAN access and see our public IP, no issues.  ATT convinced us to buy a block of static IPs to fix the problem but no luck.  I need the 5267AC to pass all WAN traffic to the TZ400 as no user behind the firewall has any WAN access at the moment.  We are on our failover Comcast circuit at the moment but need to resolve this.  The Sonicwall provides DHCP and inherits DNS from the WAN.
Recommendations for a Small Medical office firewall, but don't want overkill. but secure!
Does anyone have a document to share the color cable scheme?   Just want to have an idea.  How many colors are OK to have?  How many not too many and not too few.
Thanks in advance.
Hello EE, We have Honeywell handhelds and we've set them down in the warehouse and lost them.
I'm looking at the following:

but concerned if the Bluetooth will interfere with the handhelds ability to connect to WIFI if they are fixed to the handheld.
Anyone use these and can speak to it?
Due to legacy design, our Management VLan (where consoles of various servers, ESXi hosts, devices including WAF & Firewalls) are open to users to ssh/ssl in (though password will be prompted).

There's an urgency to fix this: I heard this VLAN sits on either the core or distribution Layer3 switches & not behind firewall :  to migrate it to behind firewall is going to take time & we may not have enough free firewall port/leg.

What's the fastest & safest (ie without causing disruption when making change) to get this VLan filtered/protected (pending firewall being purchased which will take a while) as it's considered quite a risk.

I suggest to put ACLs on the distribution/core switch but my netwk admin objected, saying core switch's function is
for fast routing/switching & we should not put ACLs as it will slow down the routing/switching.  He further argued that such ACL can be complex & accidentally blocked dynamic routing protocols (EIGRP & OSPF etc), causing disruption.

Our core & distribution switches sit in the same Nexus chassis.
Dear Experts,

I went to the cisco website to find the latest firmware for my client's router.

Currently the firmware is isr4300-universalk9.03.13.04.S.154-3.S4-ext.SPA.bin

In the downloads, I found:

- 3.13.8S(MD)
- 3.13.7S(MD)
- 3.13.6aS(MD)
- 3.13.6S(MD)
- 3.13.5S(MD)
- 3.13.4S(MD)
- 3.13.3S(ED)
- 3.13.2S(ED)

I deduce that my client is using 3.13.4S(MD)

My account does not allow me to download 3.13.8s(MD) but I can download 3.13.7S(MD) but I am not able to review the version's release note, I clicked on the release note link and it brought me to which I do not know which document to look at. As I cannot find the release note for 03.13.7S.

Can anyone please help me on this?
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Hello everyone,
A client of mine is having an issue with their wireless.  They have been reporting that the passwords were getting rejected so I updated the passwords and then the same thing.  I have tried rebooting it, which normally used to fix these issues but now does not.  They have two ssids, one for employees and one for guest and they are configured in a virtual access point.  There are no more firmware upgrades for this model, my next step would normally be to upgrade the firmware.  We have recommended upgrading this Sonicwall as it is no longer supported as well as having a separate access point in the past.  I honestly think that this would be the only solution at this point, but out of good customer service I am reaching out to you guys to see if there is anything else that I can try.

We are running an intranet in our we are thinking to provide the access of our intranet to the users even through their mobile..How can we do this... and is this possible?

Thanks in advance,
Srikanth Nandyala.
I already have a "Server Room" temperature device that
automatically emails and calls me when the TEMP goes
above 75 degrees, allowing me to fix whatever
AC issues I might have.

What "Automatic Shutdown during Overheating"
features can I setup on my Windows 2012 Server,
Dell T630 so I don't have to worry about
the below happening ?

Maybe some type battery backup that automatically
cuts off the power supply after the room reaches 90
degrees, I do not need it to GRACEFULLY shutdown,
it can FORCEFULLY shutdown if needed

 1. server room AC fails, internet fails, but power
    is still on, room goes to 90 degrees, but I never
    get emails and calls since my "Server Room"
    temperature device cannot connect to the INTERNET

 2. I get automatic email at 2am on Saturday morning,
    but cannot drive the 40+ minutes to work to manually
    shut down the servers since it is ICY outside and my
    home VPN internet connection is down so I cannot
    remote in to shutdown the servers
