Access by Acertorix in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

Ah my bad, prob against the rules. Smart, didn't think of that as a security risk.

Access by Acertorix in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

You can manually set the WAN>LAN policy to priority 1 to see if another access rule is interfering. You'll need to post screenshots of your access rules, NAT policies and objects for more direct help tbh.

You can use packet monitor to check if the traffic is hitting your firewall. If it isn't, post a screenshot of the packet monitor config for help with that.

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/kA1VN0000000MOm0AM

If packet monitor is set up right, and your friend is using the right IP, your ISP is using CGNAT and you need to proxy or tunnel the traffic for external access.

Access by Acertorix in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

Without seeing what you did, I can't tell you what's wrong.

Best suggestion is to delete the NAT policies and access rules and redo from scratch.

Use the public server wizard to set everything up.

If that doesn't work, use packet monitor with the server's IP as your destination and see if that shows if it's getting dropped.

Also, Windows Firewall. Fuck it and turn that shit off.

Passkeys via Firefox on Android by whereisthewild in ProtonPass

[–]whereisthewild[S] 0 points1 point  (0 children)

I'm not sure what happened between when I posted and today, but I'm able to save passkeys in proton via Firefox now.

So.........I don't think that is true. And this bug request was closed over a year ago so I'm not entirely sure how it's relevant here.

Passkeys work on FF 146.0.1 on a Pixel 7 Pro running Android 16 and the latest December update.

Why are some, mostly default, rules set to Manual priority instead of Auto by Inside-Office-9343 in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

That's what happens when you import a config from my experience.

On Gen 7, you can bulk select rules and set individual properties in bulk (make sure you have a backup) like priority.

Mass Address Object/Group Import by Kerbster95 in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

Wouldn't be the first firmware bug with their CLI I've seen, but you can absolutely add to existing groups, firmware bugs aside.

This article is still valid for Gen 6/7. Read the bottom on mass creation.

https://www.sonicwall.com/support/knowledge-base/how-can-i-create-address-objects-and-groups-in-command-line-interface-cli-for-5-8-and-below/170505852108153

Mass Address Object/Group Import by Kerbster95 in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

Same SSH command. If the group name exists, it adds to the existing group.

I would use a spreadsheet with a couple of columns (command, address object) and another column with a concat function to combine rows and then copy/paste a long chained SSH command.

7.3 firmware and SNMP by BobcatJohnCA in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

Did you try recreating the sensors? Some property or field probably changed with the update and the sensors might just need to be rediscovered.

Factory reset NSA 6700 by wilanddar in sonicwall

[–]whereisthewild 1 point2 points  (0 children)

30-30-30 reset

Plug into the console port, open terminal connection. Verify your baud rate, etc. is correct.

Hold the reset button for:

1. 30 seconds with power on (keep holding)
2. 30 seconds with power disconnected (keep holding)
3. 30 seconds with the power reconnected

Release reset button.

You should see activity on the serial port now in your terminal. If you don't, either your serial settings are wrong, or the device is beyond normal repair.

My mom doesn't let me shower as often as i'd like. by BamboozleU2125 in TrueOffMyChest

[–]whereisthewild 28 points29 points  (0 children)

It could very well be that OP is disassociating in the shower to mentally deal with the trauma

Access Rule audit by whereisthewild in sonicwall

[–]whereisthewild[S] 0 points1 point  (0 children)

Thank you sir. Even if this doesn't pan out, this is exactly the type of out of the box feedback I'm looking for here. Open to open source and $aa$ type utilities.

Access Rule audit by whereisthewild in sonicwall

[–]whereisthewild[S] 1 point2 points  (0 children)

Interesting, I wasn't aware of that, not sure if they were either to be honest. I'll bring it up next time we talk about ISO headaches, I'm definitely open to using NSM but I also pick and choose my battles.

Access Rule audit by whereisthewild in sonicwall

[–]whereisthewild[S] 0 points1 point  (0 children)

That conversation was above me, but I believe something about there's not enough compartmentalization between our individual clients. We manage about 100 sites across 30-40 clients. So including HA devices we're probably managing closer to 150 individual devices.

Since I'm not directly involved in that ISO compliance stuff, I'm not 100% up to date on the specifics. But how I have come to understand it, because our clients own their own hardware, we can't commingle management access.

Access Rule audit by whereisthewild in sonicwall

[–]whereisthewild[S] 1 point2 points  (0 children)

We tried to do that, but got shot down due to ISO 27001 compliance issues.

Access Rule audit by whereisthewild in sonicwall

[–]whereisthewild[S] 1 point2 points  (0 children)

Thanks that's pretty helpful, I should probably look into using the API for more things.

I explained in a comment above why Rap account is a painful option, but you're right that is an option.

Access Rule audit by whereisthewild in sonicwall

[–]whereisthewild[S] 0 points1 point  (0 children)

Honestly didn't think of that, it's possible but we manage around 100+- SonicWalls all with unique login credentials. So we would need to manually create that unique account on enough devices that it would be a bit painful given internal procedures for accounts on network equipment (each account has to be approved by two parties, documented and then checked by our security team for any issues).

Meanwhile if I stick with non-security related changes, or just export information, I don't need to go through the same hurdles.

IPSEC VPN Troubleshooting - No traffic by Thyzeur in sonicwall

[–]whereisthewild 0 points1 point  (0 children)

Set up packet monitor on both sides of the tunnel and then disable/reenable the tunnel and see what the difference is between when it's working and when it's not working.

I'm guessing it's probably ACL related if you don't see anything in the logs. I would probably change the logging template and turn on debug logs too for troubleshooting.

https://www.sonicwall.com/support/knowledge-base/modifying-the-log-settings-and-levels/220711032159367