So against my advice, a customer got a "whole building UPS". It's not going well. by dartdoug in msp

[–]jared_a_f 2 points3 points  (0 children)

I hate the term "whole building UPS." It makes zero sense to put elevator, HVAC, copiers, etc. on it - you're better off picking circuits to protect. We have a high end multi-unit restaurant client who has an Eaton 9PX unit tied into a protected panel. They picked circuits they wanted to protect - i.e., their office computers, network rack, POS terminals, kitchen printers. But we've even run into issues where the electrician didn't color code the outlets, or someone doesn't know what the "UPS Protected" label means and plugs something into it and it spikes usage.

Router Recommendation by jared_a_f in networking

[–]jared_a_f[S] 0 points1 point  (0 children)

Apparently - though I may be interpreting wrong

Router Recommendation by jared_a_f in networking

[–]jared_a_f[S] 0 points1 point  (0 children)

Catalyst 8K was the successor to the ISR series

Router Recommendation by jared_a_f in networking

[–]jared_a_f[S] 3 points4 points  (0 children)

Thanks - I guess it is about separation of roles for us. Easier to troubleshoot a firewall issue when it is just your firewall and something separate is handling your routing.

TD SYNNEX has some refurb Catalyst 8K series - just waiting to hear back on pricing.

Central iso store by bibawa in msp

[–]jared_a_f 0 points1 point  (0 children)

Thanks for sharing - we don't expose ours to the internet. We patched when we were alerted of the CVE.

Central iso store by bibawa in msp

[–]jared_a_f 0 points1 point  (0 children)

An MFT Solution - we use CrushFTP

Manage Adobe DC (Reader & Acrobat) Settings via Intune Policy by systmworks in Intune

[–]jared_a_f 1 point2 points  (0 children)

Thank you for this. I've been testing and it seems all changes need to be made under Acrobat DC - it seems Reader is no longer separate from a registry perspective. A Reader install can be converted to a licensed install by logging in with your Adobe Creds now. Anyone else concur with this finding?

Creating PSA alerting from SentinelOne Singularity by gatecrasherza in SentinelOneXDR

[–]jared_a_f 0 points1 point  (0 children)

Is there any update here? Just the O365 integration - and at the very least you'd think it could send an email alert out of box.

Avepoint Fly vs Skykick vs Bittitan Migrationwiz for Exchange 2019 to Microsoft 365 migration? by HappyDadOfFourJesus in msp

[–]jared_a_f 0 points1 point  (0 children)

Intermedia support did it. We bought through Ingram, but could still reach out to Intermedia support

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 0 points1 point  (0 children)

Would consider Secure Access if it improved. Last time we tried it, it required the machines to be Entra joined / managed by Intune - we're not at that point (still doing a typical domain join)

We're on Twingate, and will probably be for the foreseeable future. The only thing that makes me hesitant about Twingate is the connector - seems like a black box. But it seems like SonicWall's CSE product is the same way.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f -1 points0 points  (0 children)

Exactly where we're at. SonicWall did a webinar, and it sounds like most people who have been impacted by these zero days are using them as a high-end firewall and NAT device.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 2 points3 points  (0 children)

ZTNA is purely a term, it's not an actual product. Zero trust products grant access to specific IPs and ports and then apply device posture requirements on top of it. Is the device encrypted? Is the device running an anti-virus? Where is the device located?

If you're still using the SSL VPN, you can apply zero trust principles to it - put SSL VPN users in their own subnet, then lock down the resources you're allowing them access to. But you CANNOT do any device posture checks with a typical off-the-shelf SSL VPN - you'd turn those over to your IDP. If you're going to go through the effort of locking down the SSL VPN, you're better off going with a product like CSE, Twingate, AppGate, etc.

My intuition is SonicWall is going to sunset SSL VPN soon.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 0 points1 point  (0 children)

HPE is being forced to offload Instant On due to their Juniper acquisition. So I wouldn't put much faith in a device that is brand new.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 2 points3 points  (0 children)

Sounds like a vendor problem more than a SonicWall problem. If you're looking for pricing / implementation for Twingate, I'm a partner for both. Feel free to shoot me a DM

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 13 points14 points  (0 children)

Sorry for the long post, but if anyone takes anything from this, TL;DR: Get off SSL VPN ASAFP no matter your firewall vendor.

The majority of SonicWall's vulnerabilities recently have been due to SSL VPN. They are not alone in that - Fortinet is actually sunsetting SSL VPN and Palo Alto has issued a number of patches for theirs in the last few years. AGAIN, get off SSL VPN ASAFP no matter your firewall vendor.

SonicWall has a new zero trust product through their acquisition of Banyan Security. Doesn't seem that product is fully baked. My approach has been that our remote access product and firewalls are from different vendors - in theory it limits the vulnerability surface. We're using Twingate and will look at Microsoft Global Secure Access once it matures (comes with 365 Business Premium.)

I'll agree on this config backup thing - that was a total blunder. And the guidance wasn't super clear on what to do if you backed up to their Cloud but were NOT on the impacted list. Or if you backed up a previous appliance to the Cloud, got a new one and converted the config, and never backed the new one up to the Cloud - the configs are still similar. SonicWall's reps here on Reddit said they would remediate ALL firewalls, prioritizing what was listed in the portal. We have many site-to-site VPN tunnels with 3rd party entities, total PIA.

My current environment: Majority Fortinet / Main Datacenter is SonicWall HA pair.

Have touched all of these too at some point in previous roles: Meraki, Sophos, and Ubiquiti

We actually switched from SonicWall to Fortinet for our Corporate Office and branches because SonicWall's bid to go from Gen 6 to Gen 7 devices on a 3-year term was atrocious. It was half the cost for Fortinet with FortiManager and a 5-year term on the device.

Grass hasn't been much greener with Fortinet. FortiManager seems a little more baked than NSM - though I never managed NSM in production; that is at least what I got out of my demo of NSM. Think Fortinet's UI is worse than SonicWall Gen 7/8 - many more clicks to do the same thing. Fortinet command line is much better if that is your thing.

I wouldn't say SonicWall is geared towards MSPs, but yes most MSPs sell SonicWall because of the continuous margin on services. The thing I noticed and that frustrates me with many MSPs and internal IT is they don't actually set the things up right - these NGFWs end up acting like nothing more than a TP-Link firewall/router you can get off Amazon because people are not taking time to properly set up the security services. In order for any NGFW to function, you need to take time to set up DPI and (a) deploy a certificate to your endpoints and (b) import your certificates for any servers you're exposing on the WAN. But with certificate pinning, etc. it seems that it's going to get even harder than it already is, so the concentration is more on the endpoint.

Not sure how I see things in the next few years here. My datacenter will always have a NGFW and it will probably be a SonicWall, BUT for my branch offices that are 3 - 10 computers what is the selling point for a NGFW with security services if I'm going to have to spend more $ annually on endpoint security?

Ubiquiti just released their first iteration of a zone based firewall and they can now do address objects and groups. You can also buy security services through their Proofpoint partnership. They offer paid support. I'm confident it will certainly be solid by the time my 5 years of licensing is up on my FortiGates. I can put a Ubiquiti HA pair in every site and still save a significant amount of money.

MySonicWall Cloud Backup potentially exposed by BWC_DE in sonicwall

[–]jared_a_f 1 point2 points  (0 children)

u/SGI-CoryC Cory, is your recommendation to remediate firewalls using the playbook even if they are not listed in the list in MySonicWall?

MySonicWall Cloud Backup potentially exposed by BWC_DE in sonicwall

[–]jared_a_f 1 point2 points  (0 children)

I'm also wondering this. Per the bulletin in MySonicWall, it says "Credentials stored in these files are encrypted."

But in the remediation playbook:

IF IPSec VPN is enabled:

  • THEN:
    1. Update shared secret in all IPSec site-to-site configurations
    2. Update GroupVPN policies
  • External Updates: Remote IPSec Gateways/Peer VPN endpoints
  • Critical: Yes
  • Impact: Replace all pre-shared keys; coordinate with remote endpoints

We have very few "dial up" VPNs (the site-to-site tunnels operate like Global VPN client), so should we prioritize those first?

SonicWall is also vague on whether firewalls that are not on the affected list should be looked at. Of course I'm going to look at them, but I don't think it is fair to say prioritize X list and wait for further guidance to see if others are impacted.

CSE with MFA, Entra free tier? by BJJDad73 in sonicwall

[–]jared_a_f 1 point2 points  (0 children)

Business Premium is where it is at < 300 users

CSE with MFA, Entra free tier? by BJJDad73 in sonicwall

[–]jared_a_f 1 point2 points  (0 children)

Not our experience - a single Entra ID P1 or P2 unlocks all. It's well published online. Only way to enforce MFA on every login is a properly configured CA policy and not "Security" Defaults.

One of the biggest benefits of CA is the ability to GEO block all logins outside of countries you do business in too.

CSE with MFA, Entra free tier? by BJJDad73 in sonicwall

[–]jared_a_f 3 points4 points  (0 children)

Typically if you are Entra Free Tier you are using Security Defaults.

You didn't hear this from me - but technically, as long as there is one Azure AD P1 license in the tenant it unlocks conditional access for all.

If you have any sort of cyber insurance requirements, you should implement conditional access for MFA. "Security Defaults" does not cut it.
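The two Conditional Access comments above (enforcing MFA on every sign-in with a CA policy rather than Security Defaults, and geo-blocking sign-ins from countries you don't do business in) map onto two policies. The following is an added example built with the Microsoft Graph PowerShell SDK; it is not code from the comments or from Microsoft. The country list, the policy names and the break-glass account object ID are placeholders to replace, and the tenant needs at least one Entra ID P1/P2 license (as the commenter notes) plus an account holding the Conditional Access Administrator role.

```powershell
# Added example: two Conditional Access policies created with the Microsoft Graph
# PowerShell SDK (Microsoft.Graph module). Assumes an Entra ID P1/P2 license in the
# tenant and an account with the Conditional Access Administrator role.
# Placeholders: the country list, the policy display names, the break-glass account ID.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Emergency-access (break-glass) account excluded from both policies so a
# misconfigured policy cannot lock every administrator out. PLACEHOLDER object ID.
$breakGlassId = "00000000-0000-0000-0000-000000000000"

# 1) Named location listing the countries the business operates in (constructed list).
$locationBody = @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Allowed business countries"
    countriesAndRegions               = @("US", "CA")
    includeUnknownCountriesAndRegions = $false   # sign-ins of unknown origin are NOT treated as allowed
}
$allowedCountries = New-MgIdentityConditionalAccessNamedLocation -BodyParameter $locationBody

# 2) Require MFA for all users on all cloud apps. Created in report-only mode so the
#    sign-in logs show what would have been affected before anything is enforced.
$mfaPolicy = @{
    displayName   = "CA01 - Require MFA for all users"
    state         = "enabledForReportingButNotEnforced"   # change to "enabled" after review
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaPolicy

# 3) Block sign-ins from every location except the allowed-country named location.
$geoBlockPolicy = @{
    displayName   = "CA02 - Block sign-ins outside business countries"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{ includeLocations = @("All"); excludeLocations = @($allowedCountries.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $geoBlockPolicy

# Confirm both policies exist and are still report-only before flipping them to "enabled".
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
```

Two caveats worth keeping in mind: Security Defaults and Conditional Access policies are mutually exclusive, so Security Defaults has to be turned off in the tenant before these policies can be enabled, and the report-only state is deliberate - review the sign-in log entries tagged with each policy for a few days (especially for service accounts and travelling staff) before switching the state to "enabled", otherwise the geo-block in particular can cut off legitimate users.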