SonicWALL Enhanced OS

Holy Moly!  I went to configure a simple port-forwarding rule on a customer’s SonicWALL TZ200 today and entered into a whole world of hurt!

All I wanted to do was allow HTTP traffic into an internal web server – exceedingly straightforward on any device I’ve ever worked on before… not so under SonicOS Enhanced!

After about an hour of bizarrely confusing options I realised that one needs to create an address object for the internal server, create a NAT policy to allow access, and then create a firewall access rule.  This doesn’t sound too bad except it wasn’t that simple in fact.  To add to the confusion, I managed to create a NAT loop which killed the network!  That was purely down to my own stupidity though!

So how did I get it to work?  I gave in and used one of the wizards after looking at the following excellent post online: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

Turns out the device needs THREE NAT policies (inbound, outbound, and loopback) plus an address object, plus a firewall access rule!  What?!!

My advice: take your time with this OS and use the wizards unless you’ve got loads of experience with these devices.
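What each of the three NAT policies does to a packet, as an added illustration: this is a simplified Python model, not SonicOS configuration and not from the original post. The addresses, the object names and the first-match ordering are assumptions, and the firewall access rule is not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed address objects (documentation/private ranges, not from the post).
OBJECTS = {
    "Any": "0.0.0.0/0",
    "LAN Subnet": "192.168.1.0/24",
    "WAN IP": "203.0.113.10/32",
    "Web Server Private": "192.168.1.50/32",
}

# (name, original source, original destination, translated source, translated destination)
# None means "leave the original address unchanged". First match wins (an assumption
# of this model), so the more specific loopback policy is listed before the inbound one.
POLICIES = [
    ("loopback", "LAN Subnet", "WAN IP", "WAN IP", "Web Server Private"),
    ("inbound", "Any", "WAN IP", None, "Web Server Private"),
    ("outbound", "Web Server Private", "Any", "WAN IP", None),
]

def _in(addr, obj):
    return ip_address(addr) in ip_network(OBJECTS[obj])

def _host(obj):
    return str(ip_network(OBJECTS[obj]).network_address)

def translate(src, dst, policies=POLICIES):
    """Return (policy name, translated src, translated dst) for one packet."""
    for name, o_src, o_dst, t_src, t_dst in policies:
        if _in(src, o_src) and _in(dst, o_dst):
            return name, _host(t_src) if t_src else src, _host(t_dst) if t_dst else dst
    return None, src, dst

def reply_passes_firewall(translated_src):
    """The server answers the translated source. If that address is on its own
    subnet, the reply goes straight to the client, skipping the firewall, and
    the client sees an answer from an address it never contacted."""
    return not _in(translated_src, "LAN Subnet")

if __name__ == "__main__":
    no_loopback = [p for p in POLICIES if p[0] != "loopback"]
    for label, src, dst, pol in [
        ("internet client -> public IP", "198.51.100.7", "203.0.113.10", POLICIES),
        ("server -> internet", "192.168.1.50", "198.51.100.7", POLICIES),
        ("LAN client -> public IP", "192.168.1.20", "203.0.113.10", POLICIES),
        ("LAN client, no loopback policy", "192.168.1.20", "203.0.113.10", no_loopback),
    ]:
        name, s, d = translate(src, dst, pol)
        print(f"{label}: {name} {src}->{dst} becomes {s}->{d}; reply via firewall: {reply_passes_firewall(s)}")
```

The last case shows why the loopback policy exists: without it, a LAN client that browses to the public address keeps its own source address, and the server's reply never goes back through the firewall to be un-translated.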

Popular posts from this blog

Where are SCANPST.EXE and/or SCANOST.EXE?

I sometimes have to deal with customer computers whose Outlook PST or OST files have become corrupted. Very often the fix is to run SCANPST.EXE on the offending PST/OST file. However, every time I go to do this I forget where the two executable files are. Here is where they are on a Vista machine running Office 2007:

C:\Program Files\Microsoft Office\Office12

I hope this helps.

WSUS Issues

Was configuring WSUS on a Server 2016 VM for a customer recently and found the performance to be very sluggish, and most of the time the client PCs would time out and throw an error message when trying to check for updates. After much digging on different forums I came across a fix that worked nicely: Open Internet Information Services (IIS) Manager and click on Application Pools. Then right-click on your WsusPool instance and choose Advanced Settings. Scroll down to Private Memory Limit (KB) and change it from the default of 1843200 to 0, which means unlimited. Then right-click and stop the WsusPool and then start it again. Hope this works for you.

APC PowerChute Network Shutdown - Authentication Phrase

Was installing APC PowerChute Network Shutdown (PCNS) on a customer’s server and couldn’t find a record of the Authentication Passphrase that I set ages back on their Smart UPSes Network Management 2 Card. So I went to reset it on the card and start anew… it took a lot of digging to find it on their particular release of firmware: Go into the UPS tab, then into “shutdown” inside the “Configuration” category: You may then need to change the passphrase being used on other servers. To do this, open up PCNS in your browser and click into the area shown below: