4 Replies Latest reply on Apr 27, 2017 4:29 PM by skullyard

    Is Sonicwall and Solarwinds ever going to work together?

    skullyard

      I had an NSA250, now I have a TZ400. All current.

      Firmware Version: SonicOS Enhanced 6.2.7.1-23n

      Safemode Version: SafeMode 6.2.3.9

      ROM Version: SonicROM 5.6.2.1

      Netpath will NOT work unless these 3 things are UNCHECKED...

      • Enable Stealth Mode
      • Randomize IP ID
      • Decrement IP TTL for forwarded traffic

      See pic...

      [Screenshot attached: 2017-04-26_15-57-25.png]

      BUUUT... I do NOT know the risk(s) of leaving them unchecked.

      Test it and you will see. Neither Sonicwall NOR Solarwinds can fix this, and I have case numbers to prove it. Had we known this before we dropped $10k on Solarwinds...

      Meh!

        • Re: Is Sonicwall and Solarwinds ever going to work together?
          sean.martinez

          NetPath follows rules similar to Traceroute. These Detection Prevention options are designed to obscure network replies.

          Traceroute uses TTL increment increase as notification that a layer 3 exists. From How Trace Route Works: TTLs:

                    Trace Route works by setting the TTL for a packet to 1, sending it towards the requested destination host, and listening for the reply. When the initiating machine receives a "time exceeded" response, it examines the packet to determine where the packet came from - this identifies the machine one hop away. Then the tracing machine generates a new packet with TTL 2, and uses the response to determine the machine 2 hops away, and so on.

          Decrement IP TTL for forwarded traffic, from Configuring Advanced Firewall Settings (SW12547):

                    Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. Select this option to decrease the TTL value for packets that have been forwarded and therefore have already been in the network for some time.

          Enable Stealth Mode option, from What is Stealth Mode? (SW3859):

                    Normally, when a connection is attempted to the SonicWall or a node behind it from the WAN or DMZ, the SonicWall sends a reset packet back to the client that initiated the connection then drops it. This is the correct behavior based on the IP protocol specifications. However, some users prefer that security devices not respond at all, as any response confirms that a device exists at the IP address to which the client tried to connect. If the security device does not respond, the result is as if the remote node is trying to connect to an IP address that is not assigned to anything. This is known as stealth mode.

          Randomize IP ID, from Configuring Advanced Firewall Settings (SW12547):

                    Select Randomize IP ID to prevent hackers using various detection tools from detecting the presence of a security appliance. IP packets are given random IP IDs, which makes it more difficult for hackers to "fingerprint" the security appliance.
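The following is an added simulation, not code from SolarWinds, SonicWall or anyone in this thread. It models the traceroute-style hop discovery described above over a constructed four-hop path and shows what the resulting path map looks like when the firewall hop is configured to answer nothing (an assumption standing in for Stealth Mode) or to consume an extra TTL unit when forwarding (an assumption standing in for Decrement IP TTL for forwarded traffic). The hop names and addresses are constructed (RFC 5737 documentation ranges); no packets are sent. Randomize IP ID is not modelled, because the thread does not say how NetPath uses IP IDs.

```python
"""Simulated TTL-based path discovery against a modelled firewall.

Added example, not SolarWinds/NetPath or SonicWall code. How each option is
modelled is an assumption made for illustration:
  - stealth=True   : the hop never sends an ICMP "time exceeded" reply
  - ttl_cost=2     : the hop decrements TTL twice (once for routing, once
                     for the "decrement forwarded traffic" option)
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Hop:
    name: str
    address: str           # constructed sample address, not a real host
    ttl_cost: int = 1      # TTL units consumed when this hop forwards a packet
    stealth: bool = False  # True: drop expired probes silently, no reply


def probe(path: List[Hop], ttl: int) -> Tuple[str, str]:
    """Send one probe with the given starting TTL along `path`.

    The last element of `path` is the destination and does not forward.
    Returns (kind, address) where kind is 'exceeded' (a router replied with
    time exceeded), 'silent' (TTL expired but nobody answered) or 'reached'.
    """
    for hop in path[:-1]:
        ttl -= hop.ttl_cost
        if ttl <= 0:
            if hop.stealth:
                return ("silent", "*")
            return ("exceeded", hop.address)
    return ("reached", path[-1].address)


def traceroute(path: List[Hop], max_hops: int = 30) -> List[Tuple[int, str]]:
    """Classic traceroute loop: TTL 1, 2, 3, ... until the destination answers."""
    trace = []
    for ttl in range(1, max_hops + 1):
        kind, addr = probe(path, ttl)
        trace.append((ttl, addr))
        if kind == "reached":
            break
    return trace


def trace_is_usable(trace: List[Tuple[int, str]]) -> bool:
    """A path map is only usable if every hop answered and no hop appears twice."""
    addrs = [addr for _, addr in trace]
    return "*" not in addrs and len(set(addrs)) == len(addrs)


def build_path(fw_stealth: bool = False, fw_decrements_extra: bool = False) -> List[Hop]:
    """Constructed path: edge router -> firewall -> next router -> destination."""
    return [
        Hop("R1", "192.0.2.1"),
        Hop("FW", "192.0.2.2",
            ttl_cost=2 if fw_decrements_extra else 1,
            stealth=fw_stealth),
        Hop("R3", "192.0.2.3"),
        Hop("DST", "198.51.100.9"),
    ]


if __name__ == "__main__":
    scenarios = [
        ("both options unchecked", {}),
        ("Enable Stealth Mode", {"fw_stealth": True}),
        ("Decrement IP TTL for forwarded traffic", {"fw_decrements_extra": True}),
        ("both options checked", {"fw_stealth": True, "fw_decrements_extra": True}),
    ]
    for label, kwargs in scenarios:
        trace = traceroute(build_path(**kwargs))
        print(f"{label}: usable={trace_is_usable(trace)}")
        for ttl, addr in trace:
            print(f"  TTL {ttl}: {addr}")
```

With both options off the map is clean (four hops, each seen once). With the stealth assumption the firewall hop shows up as `*`, and with the extra-decrement assumption the firewall answers for two consecutive TTL values, so the path looks one hop longer than it is and the same address appears twice. Either way `trace_is_usable` is False, which is the kind of incomplete map a path-monitoring tool has to refuse or guess around; a defender deciding whether to uncheck these options can use the same model to reason about exactly which information about the firewall becomes visible.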
            • Re: Is Sonicwall and Solarwinds ever going to work together?
              skullyard

              sean.martinez

              Thank You!

              Great feedback and much appreciated info.

              That said... if Netpath won't work with ANY one of those checked... do you think it's safe to un-check them permanently?

              If not... any idea how to make Netpath work with those enabled?


                • Re: Is Sonicwall and Solarwinds ever going to work together?
                  mesverrum

                  You are at odds here: the security appliance has those options to make itself invisible or harder to identify by remote tools, and you are trying to use a remote tool to gain visibility into the firewall as packets move past it. You will be hard pressed to come up with a solution that will make both happen at the same time.

                  Network security is always a balancing act between being gentle enough to not interfere with the intended uses of the network versus keeping things locked down enough that outsiders can't abuse it. Unchecking those options will make your firewall more visible to outsiders, and it will allow your internal tool to function. Only your organization can weigh those risks and decide if the Netpath feature provides you enough value today to make it worth the risk of an outside party identifying your firewall in hopes of finding a vulnerability against that product line.

                  Netpath is neat, but I would never consider it a deal breaker in terms of feeling like I am getting value from my Solarwinds purchase; it is just an icing kind of thing to me to go along with the core functionality as an NMS.