r/sonicwall

NSM is so bad and unreliable

Anyone else now getting this on NSM in Firefox only. Chrome works fine. You'll get into Sonicwall, click on the NSM icon and then it just gets stuck on this. Cleared cookies, cleared all sonicwall cache. Do it in a private browser window, still does it. Gone on another, totally different machine, does the same.

https://imgup.uk/i/Cv9u3qgb.png

Also the captcha coming up pretty much any time you try to login and the "I sign in frequently" being totally ignored.

reddit.com
u/steviefaux — 3 days ago

WAN Routing Question

I'm having a mental block on this one...help me out.

I have 2 sites with a NSA at each.

Site A has 2x WAN connections setup in Failover/LB with X1 as the live and X2 as the failover.

I have a VPN between the two sites (tunnel interfaces). I need the VPN at Site A to use X2 as its preferred connection to reach Site B. I've achieved this by binding the VPN to X2. The problem with doing this, is that if X2 fails, the connection won't automatically failover to X1.

My question is, how can I achieve redundancy whilst preferring the failover (X2) connection on the VPN? I can't have another tunnel interface using X1 as you're not allowed multiple tunnel interfaces with the same target address...

reddit.com
u/gumbo1999 — 4 days ago

SonicWall TZ370 (SonicOS 7.3.3-7015) - WAN2 randomly changes between "Target Alive" and "Target Unavailable" Failover & LB

Title:

I'm running a TZ370 on SonicOS 7.3.3-7015 with WAN Failover & LB enabled.

My setup is:

  • WAN1 → Router fiber #1
  • WAN2 → Router fiber #2
  • Two completely independent fibers connections (separate routers)
  • Each router uses 192.168.1.1 as its LAN IP
  • WAN1 IP: 192.168.1.35
  • WAN2 IP: 192.168.1.36
  • Both gateways are 192.168.1.1 (different physical routers, separate Layer 2 networks)

I'm using the new SonicOS 7.3.3 feature that allows W0-WAN and X1-WAN to be in the same subnet.

The problem is that only WAN2 intermittently changes between "Target Alive" and "Target Unavailable". WAN1 is always stable.

The Internet connection on WAN2 appears to be working normally during these events. I've already changed the probe target from the default SonicWall responder to public IPs (such as 1.1.1.1 and 8.8.8.8), but the behavior is the same.

Has anyone seen this?

I'm trying to determine whether this is:

  • a known issue with SonicOS 7.3.3-7015,
  • a limitation or bug with the new same-subnet dual-WAN feature,
  • a WAN health monitoring issue,
  • or something specific to Movistar.

Any suggestions for additional troubleshooting or settings to check would be appreciated.

reddit.com
u/Due-Idea-4118 — 4 days ago

SonicOS 7.3.3 - dangerous defaults with new GEO-IP filter additions!

SonicOS 7.3.3-7014 (and now -7015) adds two new GEO-IP filters: Kosovo and South Sudan

However, it adds them as ALLOWED in your global GEO-IP filter, so if you scope GEO-IP to only allow specific counties, these will be added and allowed to communicate with your router.

Horribly irresponsible defaults on Sonicwall's part, these additions should default to BLOCKED.

Plan to fix your GEO-IP list as part of your upgrade process!

reddit.com
u/mavantix — 5 days ago

Firmware upgrade downtime

Am I crazy or is the individual downtime per firewall significantly less in a stand alone environment vs. Active/Passive HA environment?

Did a number of quarterly updates this month, from various versions, to the latest. I run constant pings to internal/external monitoring ips to see when to log back in.

Single firewall sites had downtime that was usually 80-100 seconds.

Did 3 HA sites and each individual unit was down for 4-600 seconds.

reddit.com
u/whereisthewild — 5 days ago

Problem installing SonicWall NetExtender 10.3.5 on Windows 11

Tried both EXE and MSI files. Still problem with NEService.exe. An error says Windows cannot access the file. The file is there. No 3rd party Antivirus software is running. Windows Security is silent, no warning.

Any idea?

reddit.com
u/samwong1127 — 5 days ago

SonicWall Network Security Manager - Latest Update

Hello r/sonicwall community,

SonicWall shipped NSM 4.2 (SaaS and On-Premises) on June 30, 2026. Below is a quick summary of what is new in firewall management, visibility, and MSP operations.

What launched on June 30, 2026

NSM 4.2 (SaaS and On-Premises)

Top Features

•        Configuration backup promotion -- Customers not yet on a Support plan or bundled services get to experience configuration backup for 90 days at no cost. Reduces operational risk with no commitment required. Customers already on Support have this now.

•        Real-time connectivity status with 30-day history -- Firewall inventory now shows live connectivity status alongside uptime. A 30-day history is available so administrators can immediately distinguish a firewall problem from a network path problem, without guessing or escalating unnecessarily.

•        Gen 8 model migration support -- Customers mid-upgrade or replacing hardware can now move between Gen 8 models through the NSM migration app with fewer manual steps. Eliminates the risk of misconfiguration at cutover and reduces the friction that delays hardware refresh decisions.

 

Other Enhancements

•        Tenant-grouped firewall inventory -- MSPs and MSSPs managing multiple tenants can now navigate directly to a specific customer's firewall inventory without filtering a flat list. Reduces NOC navigation time and improves service delivery speed.

•        Custom branding for PDF reports -- NSM PDF reports now support MSP and MSSP branding, including About Us and Contact Us sections. Partners can deliver white-label reports under their own name without post-processing the output.

 

Happy to answer questions on configuration backup activation, Gen 8 migration planning, or NSM tenant setup.

More details

reddit.com
u/SNWL_PMM_LT — 6 days ago

Troubleshooting multiple ISP with one firewall

Using Starlink in rural areas at work sites. The company has two ISPs - one dedicated to business use and the second dedicated to personal use. Both ISPs are configured on a single SonicWall TZ300. We have an MSP that claims to have a segmented Guest and Office network. Everything works great until the ISP's personal-use plan gets throttled. All the networks also behave as if they are throttled, even though the ISP has hundreds of available GBs for office use. I am having a hard time communicating with and troubleshooting this with our MSP.

MSP insists everything is fine, while staff can't load a single file from SharePoint as soon as the guest network plan is throttled. Swapping between the two networks does not solve the problem. Safe to assume the Guest network plan will be throttled every single month. It's to the point that I am considering a blanket ban on all streaming and social media sites. 4-6 users average 150 GB a day.

What should I have our MSP be looking at and reviewing so I don't have these constant throttling issues on our office network?

I have been reassured multiple times by our MSP that having two ISPS on a single firewall can provide exactly what we need.

I am not terribly keen on the idea of having separate firewalls and access points at a single work location. The company is unwilling to risk users engaging in inappropriate behavior online in these rural areas, so not having a firewall is out of the question for guest usage.

Access points are a UniFi blend of U6 and U7 long-range models. The total number of users maxes at around 45 people.

reddit.com
u/Fabulous-Weird1386 — 5 days ago

Setting up Sonicwall for small medical office

hello everyone! I was hoping to get some help with installing a Sonicwall Tz280w for a small medical office. I'll provide some context of the environment:

  • I work for an MSP and the client (medical office) requested to purchase a firewall
  • Their environment is completely wireless with the exception of their Copier (they have workstations and ring cams)
  • they have spectrum business internet and have a flat network (192.168.x.x)
  • Geek Squad help them get set up years and years ago before they reached out to us so this a new client

The problem:

I never really had set up a firewall for anyone before; I came from environments that had everything preconfigured and installed working as a in-house IT guy or team. This is my first MSP job after I took a break to start a small business for a year.

I was tasked to set up the firewall and what I did was register and configure the firewall at the office. I set up the object profiles, created the SSID for the firewall to broadcast, and created vlans for the cams, guest network, and the staff wifi. Then once configured, I took it to the office and plugged it in and plugged a cable to spectrum router to the firewall and got all the devices to connect to the firewall. They had connectivity and I checked to make sure everyone could print and the cameras were visible in their segregated VLAN. gave the logins to the office manager and thought it was good to go.

We got a call Monday afternoon saying they couldnt scan to their folder on their desktops and needed support so i was sent over. I fogotten the copiers were on the spectrum routers IP and not the firewall but i thought it was weird that the printing still work so i assumed they could still handle everything. I attempted to change the IP of the copier but then no one could print or scan. I also plugged the copier to the firewall thinking this would do something but nothing happened. I checked the address book of the printer and turns out they have it to where the path is just going to a folder name and the direction is just the PC name. I think their printing solution company set that up so i thought maybe there is some rule preventing the lan to talk to the vlan but even changing that rule, the printer couldnt scan to folder to the IP of the firewall/router everyone was now set up in.

The Setup:

  • Firewall: SonicWall TZ 280W
  • LAN (Wired): 192.168.0.x (Canon MFP is here at 192.168.0.199)
  • WLAN (Wi-Fi): 192.168.20.x (Windows 11 Target PC is here at 192.168.20.67)

The Issue:

The Canon MFP fails to Scan-to-Folder (SMB) to the Windows 11 PC on the Wi-Fi. The job hangs on "Resending..." and eventually spits out a "TX Incomplete" error.

To isolate the printer, I tested basic PC-to-PC file sharing across the subnets (from a wired PC at 192.168.0.5 trying to access \\192.168.20.67). It gets instantly blocked with a "Network path not found" error.

However, pings (ICMP) between the two subnets work perfectly.

what i tried:

  • SonicWall Access Rules: Created explicit ALLOW rules for both LAN ➔ WLAN and WLAN ➔ LAN (Source: Any, Destination: Any, Service: Any).
  • Security Services: Turned OFF Gateway AV, Anti-Spyware, and IPS (DPI) on these specific access rules to prevent packet inspection drops.
  • WLAN Zone: Verified "Enable Guest Services" is strictly disabled on the WLAN zone.
  • Windows Firewall: Turned completely OFF on the target PC across all three profiles (Domain, Private, and Public).
  • Third-Party AV: Verified no third-party AV or endpoint protection (McAfee, SentinelOne, etc.) is hijacking the Windows firewall.
  • Windows Permissions: Share permissions set to Everyone with Full Control. Verified the SmbScanUser account has a password.
  • Windows SMB Config: Disabled SMB Signing via Group Policy on the target PC just in case the firewall was mangling the modern cryptographic handshake.

My thoughts are what if I either change the IP of the firewall to the 192.168.0.x range so they are all in the same IP range. Not sure if this would fix it. OR if i should just keep the devices on the spectrum router and try to set up the firewall to just monitor and NOT act like a router.

Any and all help would be super helpful, thanks everyone!

reddit.com
u/coco_shibe — 6 days ago

SonicOS 7.3.3-7015 got released (pulled -7014) to fix NSM related issue

Without much noise the -7014 build of the 7.3.3 got pulled and replaced with -7015 to fix some NSM related issues, just in case somebody is affected.

GEN7-58565

After upgrading to SonicOS 7.3.3-7014 some SonicOS 7 firewalls managed by NSM may display as Offline or Out of Sync. In affected environments, Zero Touch provisioning and NSM communication may not function as expected. This issue is limited to specific management port 8080 configurations. For complete details, impacted configurations, and resolution steps, please review the following knowledge base article for details: Firewall Shows Offline / Out of Sync in NSM After Firmware Upgrade to SonicOS 7.3.3.

https://www.sonicwall.com/support/knowledge-base/kA1VN000001eeuD0AQ

https://software.sonicwall.com/Firmware/Documentation/232-006386-00_RevJ_SonicOS_7.3_ReleaseNotes.pdf

--Michael

reddit.com
u/BWC_DE — 8 days ago

Why might a person’s work-from-home SonicWall NetExtender connection get dropped each time they left-clicked the taskbar on their monitor?

I use Sonicwall NetExtender then Remote Desktop Connection to work from home. I have certain things lIke Outlook email in my taskbar.For some reason if I click the taskbar, My connection drops. Has anyone a clue as to why this might happen?

reddit.com
u/Gen7Gen9 — 6 days ago

Is this a bug? Firmware ver 8.x

I am editing the default http/https NAT and firewall rules to only allow connectivity from a few offices. When I apply the address group as the source it applies my settings, but then it creates a new NAT rule with the source as any. For now, I just disable the new rule it creates. It does this for http and https and only for the NAT Policy, it does not do it for the firewall rules.

This doesn't seem normal to me.

reddit.com
u/tdhuck — 7 days ago

SonicWALL Live Best Practices Program

Hello, I'm currently making a program that I wanted to get the interest from the community on.

I've made a program that runs the configs through the SW recommended best practices to help me see where all of my SW's configurations actually sit.

Tell me what you think from the pictures.

***This program is not owned, endorsed, or promoted by SonicWALL. This is a program of my own making and not affiliated with SonicWALL at all.***
https://imgur.com/a/mo4SrG2
https://imgur.com/a/sb2wGTU
https://imgur.com/a/3m1Ec0C
https://imgur.com/a/uJhYyeN

u/FiniteMath-In — 10 days ago

Do not install on-prem NSM 4.2

I'm convinced that sonicwall is not testing builds of things before they release them...

We installed, broke our server pretty bad and now we discovered that it deleted at least 1 firewall.

Be warned.

Edit: for what its worth after playing with the views the device suddenly re-appeared. And before you ask, yes I tried searching by serial number and device name, both said it didn't exist.

reddit.com
u/NetworkDock — 10 days ago

On site linux server for access tier setup

Wondering if anyone has setup an access tier for CSE using a linux server. Have you found anything quick, or easy to setup? Were looking to try it, but we aren't sure the best way to deploy it on site. Wondering if a raspberry Pi would have enough power to handle the connections, or if deploying it as a VM would work as well. Anyone had a chance to deploy it yet and found any issues?

reddit.com
u/Historical-Car-9178 — 10 days ago

Wireguard SSLVPN Protocol Setting Gone From SonicOS 7.3.3-7014

It should be noted that if your 10.3.4/10.3.5 NetExtender clients are set to use WireGuard as the Protocol in the client Connection Profile, and your Gen7 SonicWalls are on the latest firmware revision (7.3.3-7014), connection will fail with the following error: VPN Protocol Not Found. This became a problem across our entire environment. Although I have created a support case about it, I am posting it here as I have not seen anyone else mention this issue.

What would the equivalent be in the new settings? The reason we switched to WireGuard protocol to begin with was a more reliable connection and more secure codebase (big after the SSLVPN issues of last year), and now that option is completely gone with no explanation in the firewall or client release notes that I've found.

reddit.com
u/Turbulent_Frog7878 — 13 days ago

SonicOS 7.3 - How to block a specific subdomain (keep.google.com) while keeping the main domain allowed?

Hi everyone,

I'm facing a challenge on a SonicWall running SonicOS 7.3.0-7012.

We currently have a custom FQDN/URI List allowing access to google.com. However, I need to block a specific sub-app/subdomain: keep.google.com.

I have two main questions for the community:

  1. Does an "Allow" rule for a main domain always override a specific "Deny" rule for a subdomain in SonicOS 7? If I have google.com allowed, will the firewall ignore a block rule for keep.google.com?
  2. What is the best practice to achieve this split-horizon block on SonicOS 7.x? Should I handle this via App Control, Content Filtering (CFS) with Forbidden Domains, or specific FQDN Address Objects matched with Access Rules?
reddit.com
u/Johnny_Utah_RRF — 12 days ago

NSM Issue: Firewall Offline / Out of Sync Gen7 units since 19/06/2026

Nope it's not the 7.3.3 software as we haven't upgraded those units yet

sonicwall claims to say that it's because of the firmware. ( sorry pal i'm not sure why you are hiding behind this wall of shame but that is not the original cause )

Sonicwall has done something in their backend and it caused a chain effect of these even on firmware 7.3.2-7010 we are seeing it on.

Here's to sonicwall : Stop hiding behind your new article and tell us what you have done because we have to go into our units ( MANUALLY ) and do something. now if it was just a couple units i would still be frustrated but would get on with it but for us there are way too many units to do this quickly.

WHAT HAVE YOU DONE??? stop deflecting and come clean!

UPDATE: there is no update because SonicWall still has not replied to my DM when they have asked.

i will keep this post updated as i go and will provide complete 1 to 1 transparency as to what SonicWall will be telling me and i will relay this back to you folks

reddit.com
u/slabstatic — 13 days ago

LDAP Quota Exceeded

I am hardening my firewall based on recommendations following a security audit. One of the suggestions was to use my domain account instead of a local account for administration, so I made the change without too much of a problem. About a week later, I was unable to log in and only received the error "LDAP Quota Exceeded". LDAP is still working, and no other domain accounts are having an issues. I figured there was a hidden setting somewhere that limited how much a non-local admin account could do but haven't been able to find anything like that. My account has also been unable to login again after waiting for over a day, and about the only articles I've found are for setting up LDAP with no mention of this specific error. Is there something I can try or a different resource I can use?

reddit.com
u/Theprofessionalmouse — 11 days ago

Cloud secure edge app wont open

A user is having issues getting the app to open. Running it as admin worked but is not a solution. Have made the user a local admin to test, this still doesn't open the app. Now running it as admin doesn't work either. Its on the latest version as I did the update while running as admin.

Would prefer not to have to reinstall the laptop for the sake of one app!

reddit.com
u/randysailor — 13 days ago