I've worked with SonicWALL firewalls for over 10 years in hundreds of different installations. In order to understand how a firewall handles traffic, it helps to know how traffic is treated interally. For example it helps to know if the nat engine is traversed before the policy check or after, in order to configure the nat-policy and the access rules correclty.
Since generation 5 SonicWALL firewalls use cavium octeon cpus and they process everthing in cpu. This is a strength and a weakness of the firewall, after it can treat traffic very dynamically and using software-updates the handling of the traffic can be changed. However compared to for example asic processor architecture the performance usually is lower. So there are pros and cons.
The SonicWALL firewall internal packet flow looks like the following:
Packet fragmentation is handled as follows:
The packet capture feature can be helpful to understand the packet flow. However in rare cases it can mislead you after it is not 100% accurate when facing bugs in SonicOS:
https://www.sonicwall.com/en-us/support/knowledge-base/170513143911627
Subscribe to:
Posts (Atom)
Cribl - Change values to lowerCase
Some logs (e.g. Microsoft Azure) sometimes are not fully normalized to all lowercase characters. You can use Cribl to adjust those values by...
-
Howto add a route with a specific interface into the windows routing-table. This can be useful for example if you have a tunnel-all vpn...
-
If you are running a Windows Server 2016, are using the integrated Windows Server Backup utility and you want to save the backup to a remote...
-
You can either use the GUI of the FortiGate to list all certificates, or use the CLI. Either using the commands: Using the "get&qu...