Sonicwall Cas

Jason

Aug 5, 2024, 11:42:35 AM
to minalrali
Hello, I am doing a migration from a Sonicwall device to a Palo device and I am not finding any migration tools that can help me. Does anyone know of a tool that will migrate from Sonicwall to PAN?

Probably not what you were hoping to hear, and I'll readily admit it doesn't help answer your question, but I would personally take the time to rebuild the configuration during a migration. I say this for two reasons: the first being that you don't have to go back and 'Palotize' the configuration at a later date, and the second being you can take the chance to verify there are no unneeded configuration statements that get moved over.


As far as actually moving over a Sonicwall configuration, as you've already noted, the migration tool does not include a Sonicwall option. Sonicwall has been a very popular request as far as adding it to the migration tool goes; it simply hasn't been done yet. If you are comfortable working with XML, I would suggest modifying the actual configuration file directly; it makes migrations like this a little faster in my experience.


We trialled a few at a customer site and we had random reboots and then some bizarre issue with the switch continually uploading to chicken-sonicwall.sonicwall.com [I'm not making this up, there were other animals as well, eg raccoon].


The Engenius versions of every model are quite a bit cheaper, and as they are the OEM then I would speculate that the support would probably be better as well, although I wouldn't know as I haven't used them.


In Sonicwall, you have to configure both the syslog server as well as the individual events you want to be sent via syslog, and it is a very extensive list. Here are some screenshots of my sonicwall config.


I'm replacing a Sonicwall TZ100w with a Meraki MX64W. Have most of it set up, but I'm stuck setting up the VPN from the Meraki to our core Sonicwall: the Meraki lies behind a NAT device (Comcast modem), so the IP address isn't something I can put into the core Sonicwall as a peer, since it will change. There appears to be some kind of peer identifier for the Meraki, but I can't find where it's listed. Also, the TZ100w had an aggressive mode, meaning the TZ100w would initiate the connection, so you didn't need a static on both ends, only the core end. Does the Meraki have something similar? I've seen some references to keepalive in a CLI, but I'm uncertain how to access that on the Meraki device.


Our typical practice is to get a static public IP, then have the ISP's equipment configured to pass the static IP through to the MX btw. So I'd get you a static IP, put the modem into bridge mode (or equivalent), and then go from there.


You'll also want to make sure your SonicWall is set to use IKEv1, and that your lifetimes match. I've run into issues before where the remote site SonicWall defaulted to IKEv2, which Meraki does not yet support.


What about adding in an MX on the core, then going hub mode site to site? I've seen this discussed, but if I put an MX on our core, do I have to put it in parallel with the Sonicwall and set up manual routing?


You just need to switch your modem into bridge mode, and once it receives a public IP you can directly configure your Meraki MX on non-Meraki peer VPN; otherwise you need to do port forwarding to open UDP ports 500 and 4500 specifically for the IP address of the MX on the modem side.


Yes, it is straightforward, but it assumes the Meraki has a non-NAT IP address. My MX would be behind a NAT device (the Comcast router), so that won't work, unless the bridge mode on the Comcast router gives me a non-NAT IP.


We have a static IP business connection from Comcast, and a few weeks back the box crapped out. A tech came out and replaced the box. Now though, the VPN has stopped working. The client PCs can no longer connect over the VPN; the NetExtender app pops up with the message:


More details on the network setup that may be useful: The modem connects only to the Sonicwall. DHCP is enabled on the modem, and that issues a local address of 10.1.10.9 to the Sonicwall.


The Sonicwall has no DHCP or DNS services enabled; it just sends its traffic to our Windows server that runs DHCP and DNS on 192.168.1.XXX. Local devices are given addresses in this 192.168.1.100+ pool.


Nothing has changed on the configuration side of the Sonicwall or the Windows server (DHCP and DNS), and I noticed the problem a few days after the new modem was put in. This makes me think the problem lies with the modem's configuration. Do I need to do a port forward or something at the modem level? Should DHCP be disabled on the modem?


You probably need port-forwarding enabled on this new box to forward traffic hitting it (on the public IP address, the internet-facing interface) to the SonicWall (on the IP address assigned from this box, 10.1.10.9). If you cannot make this change, ask your ISP tech support.


Looks like the SonicWall is not configured with a static IP address. It used to receive a dynamic IP address from the old box as well. In my opinion, you should use a static IP address (for the interface connecting to the modem) on the SonicWall to make port-forwarding work properly.
