Sonicwall

SonicWall Setting Converter

Posted by robd on April 09, 2016
Sonicwall / No Comments

If you need to replace a ‘Standard OS’ Sonicwall with an ‘Enhanced OS’ Sonicwall, there is a web page that converts an exported config into the right format, which you can then import on the new device:

https://convert.global.sonicwall.com/

I tested it from a TZ170 to an NSA220 and it worked well.


SonicWALL – Bandwidth Management

Posted by robd on January 21, 2015
Firewall, Sonicwall / No Comments

First, create the address objects, i.e. the subnets that you want to bandwidth manage.
Optional: then create the object group to group them all together.

Next go to BWM under Firewall Settings, then change the type to Advanced.

Next go to Bandwidth object and create an object, choosing whether you would like a guaranteed bandwidth and what your max bandwidth is.

Next create a Firewall Access Rule. On the access rule, set:

From: where the traffic is coming from, in this case our internal LAN.

To: the internet or WAN.

Service: any port and service.

Source: our new subnet group.

Destination: anywhere on the internet.

Users Included: All

Users Excluded: None

Schedule: choose a schedule to manage the bandwidth.

Finally choose the logging and extra security.

Next go to BWM and choose your new Bandwidth object.

Note: Egress is bandwidth “out” and Ingress is bandwidth “in”.

To confirm everything is in place you can check your access rules:
1. A filter symbol means BWM is applied.
2. A clock symbol means it is scheduled.

You can also watch a GUI of statistics on Dashboard –> BWM Monitor.

The Meru AP to VPN to HP Switches to Controller issue

Posted by robd on April 08, 2014
Networking, Wireless / No Comments

Hi all,

As well as our main site we have a remote site, let’s call it Remote1. Remote1 is on a basic ADSL line, and the site connects to the main site via a site-to-site VPN between two SonicWalls. Remote1 has two Meru Access Points (AP332e) which are configured to communicate with the Meru controller at the main site, which is where our issue was.

Here’s a pretty picture to help see what I’m on about:

[Image: MeruIssue]

With the help of Meru support, who were brilliant, I carried out the following analysis:

So normally Meru APs talk to the controller via UDP broadcast packets, i.e. UDP ports 9292 and 9393. If that doesn’t work, they use layer 3 IP routing.

From the remote site I can ping (IP address, server name and broadcast address), telnet and http access the Meru Controller via the VPN. Great, Layer 3 is good to go.

From the Controller I can ping the Access Points. Again great.

We have two APs on the remote site; to test, one is set to L3 and one to L2, but neither works…hmmmm

Connecting to the APs via a cable, we can see the packets are broadcasting and the APs have a valid IP address.

A packet trace on the firewalls shows the UDP broadcast packets arrive at and leave the remote firewall, and are ingested and forwarded at the main site:

[Image: Wireshark]

A port mirror on the controller shows no traffic from the remote site subnet.

A port mirror of the main site’s firewall shows the packets entering the network, but when you connect to the next switch and port mirror I can’t see any traffic (see Wireshark results below):

[Image: wireshark2]

So what the hell is going on???  Well, it turned out I hadn’t drawn the network diagram properly (above); here’s the proper topology:

[Image: MeruIssue2]

Between the firewall and the first switch we have a Lightspeed Rocket that does a great job of email protection and website filtering.  Well after looking on the main web filtering page I noticed a tick box under “Block all unidentified UDP connections, Skype, UltraSurf type traffic, and file-sharing networks such as BitTorrent.”….well bugger!!

[Image: LightspeedBlock]

So I un-ticked this section and Boom, the APs came online!!

Now this isn’t great as users could start using P2P, so I re-ticked the box and added an exception for the APs and we have a winner!!!

Big thanks to Meru Support, Lightspeed Support, SonicWall Support, HP Support and Commercial LTD (who in the end helped find my missing piece in the diagram).
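The hop-by-hop port-mirror comparison described above can be scripted. This is an added example, not part of the original post: it reads `tcpdump -n` text output taken at each capture point and reports the first point where AP traffic on UDP 9292/9393 stops appearing. The IP addresses, the AP subnet and the sample capture lines are constructed for illustration.

```python
import ipaddress
import re

# tcpdump -n text line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP")
AP_PORTS = {9292, 9393}  # AP-to-controller UDP ports named in the post


def count_ap_packets(capture_text, ap_subnet):
    """Count UDP packets from ap_subnet to an AP port in one capture."""
    net = ipaddress.ip_network(ap_subnet)
    hits = 0
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m and ipaddress.ip_address(m.group(1)) in net and int(m.group(4)) in AP_PORTS:
            hits += 1
    return hits


def first_drop(captures, ap_subnet):
    """captures: ordered (point_name, text) pairs, from the APs towards the controller.
    Returns (last_point_with_traffic, first_point_without), or None if the
    traffic is seen at every capture point."""
    previous = None
    for name, text in captures:
        if count_ap_packets(text, ap_subnet) == 0:
            return (previous, name)
        previous = name
    return None


# Constructed sample captures (addresses and subnet are assumptions).
SEEN = (
    "10:01:02.100000 IP 192.168.50.21.5000 > 10.0.0.10.9292: UDP, length 48\n"
    "10:01:02.300000 IP 192.168.50.22.5000 > 10.0.0.10.9393: UDP, length 48\n"
)
OTHER = "10:01:02.200000 IP 10.0.0.33.40000 > 10.0.0.1.40001: UDP, length 40\n"

CAPTURES = [
    ("remote firewall", SEEN),
    ("main site firewall", SEEN + OTHER),
    ("first switch", OTHER),   # AP traffic no longer present here
    ("controller", OTHER),
]

if __name__ == "__main__":
    print(first_drop(CAPTURES, "192.168.50.0/24"))
```

Whatever sits between the two capture points returned is the place to look for an inline device or filter rule that is not on the network diagram.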
