Will do! Thanks for the feedback!

There is already a video on tunnel interface vpn :-)

Please!!! Fighting this now

Hi Z Tech! I’m so willing to do it that’s it’s already done! :-) How to configure Inter-VPN and SSL VPN routing kzbin.info/www/bejne/aIqlZoqOgLaUi6s

Hi Mitch! Thanks for your feedback on the videos! I don’t know all the ports on top of my head, but dns will be port 53 from the workstation to the DNS server. Simple Google should allow you to find the other ports needed

Those 2 ISP are fake. My home firewall (tz670) have x6 and x7 configure as 142.39.18.1/24 and 142.39.19.1/24 and both are DHCP server for their subnets. That provides me 2 fake internet lines. So yeah. It’s all fake!!! :-) lol Glad you like the videos!

Hum. Good topic! I’ll add it to my list. Thanks. If you want an easy way to do it, deploy a sonicwall firewall in AWS. It’s called a NSv. Then do a vpn between the NSv in AWS and your sonicwall firewall at the office. UI of NSv and tz/NSa are pretty much identical

Rule of thumb, if a vpn goes up, it means your encryption, authentication and stuff is good. If it goes down after a period of time (like 8 hours) and you bring it back up and it stops again after 8 hours, it generally because you have some mismatch in timeouts/reKey/life time in your vpn. Like one side can have a life time of 8 hours and the other side a lifetime of 12 hours. So vpn drops after 8 hours. There are a couple spots in a vpn that includes time variables. Always easier to do it with a sonicwall virtual firewall in azure because you can put both firewall side by side and compare settings. Hope that helps!

@@JeanPierTalbot VPN is showing up but after every 15min I am not able to ping remote azure subnet for 40sec and after that started pinging. I hope enabling netbios is not a problem.

Here is a good list. blog.sonicwall.com/en-us/2022/10/10-reasons-to-upgrade-to-the-latest-sonicwall-gen-7-tz-firewall/

Try turning logs on the auto generated policies and see if you see trafic from the tp-link. If you don’t, then you know what’s the issue :-)

You can. It will work

That’s an employee privilege:-)

@@JeanPierTalbot understand that. Thanks for the reply

Thanks Peter for your feedback. Solution is to change subnet on one end. :-) If that’s not an option, you will need to do 1 to 1 NAT in your vpn

Yes, but it brings its share of complexity that you will be dragging forever. You have to do NAT in your vpn creating 2 fake subnets. That might create challenges if you try to get 2 AD to talk. Or DNS might be a challenge as DNS should not resolve to the true IP of a device on the other site… My opinion: change subnet on one site. Otherwise here is how to do NAT in a vpn. It’s easy, but then you may face challenges with DNS and other stuff that won’t like the change of IP. Certificate comes into mind as a potential issue. www.sonicwall.com/support/knowledge-base/how-can-i-configure-nat-over-vpn-in-a-site-to-site-vpn/170515155805172/

@@JeanPierTalbot Thank you so much.

Currently editing a video where I did a vpn between sonicwall and Watchguard. Should be available in a week or 2

Mostly a windows firewall issue :-) Try ping on a printer or a switch (encore they have the firewall as default gateway)