mfg1

asked on

Sonicwall Pro 2040 - Problem accessing a site

Hi, currently having an issue where our network cannot access - https://box.com

We can access it by its IP (74.112.184.73) but this takes you to https://11.app.box.com rather than box.com. We can also access the old site - https://www.boxcn.net/ and it works with any wildcard, i.e. something.box.com

Not sure where to go on this really. We don't have any content filtering on the firewall & I have tried OpenDNS and also going straight out from the firewall with a laptop plugged in, but it is exactly the same.

Only thing I can think of by looking in the Sonicwall logs is that it thinks it is some sort of attack, as you are going to one address but getting a different one back. The log we get is:

'Probable TCP NULL scan dropped 74.112.184.198, 0, WAN'

Anyone experienced this before or got any ideas?


Thank you.
Carl Dula

It is the IPS that is catching this problem.

An explanation of IPS can be found in this manual

  ftp://ftp.sonicwall.com/pub/info/ips.pdf


The following is from the nmap manual about TCP NULL scans.
-sR (RPC scan)
This method works in conjunction with the various port scan methods
of Nmap. It takes all the TCP/UDP ports found open and floods them
with SunRPC program NULL commands in an attempt to determine
whether they are RPC ports, and if so, what program and version
number they serve up. Thus you can effectively obtain the same info
as rpcinfo -p even if the target's portmapper is behind a firewall
(or protected by TCP wrappers). Decoys do not currently work with
RPC scan. This is automatically enabled as part of version scan
(-sV) if you request that. As version detection includes this and
is much more comprehensive, -sR is rarely needed.
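
For reference on the log entry quoted in the question: a TCP NULL scan is a TCP segment with none of its control flags set, something that never occurs in a normal session. The check below is an added Python example, not part of the thread and not SonicWall's code; the function names and sample headers are constructed, and it can be pointed at raw TCP headers taken from a WAN-side capture.

```python
import struct

# The six classic TCP control bits (RFC 793); ECE/CWR are masked out below.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the six classic control bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    # Bytes 12-13 carry the data offset, reserved bits and the flags.
    (offset_flags,) = struct.unpack("!H", segment[12:14])
    return offset_flags & 0x3F


def classify(segment: bytes) -> str:
    """Label flag combinations that do not occur in a normal TCP session."""
    flags = tcp_flags(segment)
    if flags == 0:
        return "null"        # no control bits at all
    if flags == FIN:
        return "fin-only"    # FIN without ACK
    if flags == FIN | PSH | URG:
        return "xmas"
    if flags & SYN and flags & FIN:
        return "syn-fin"     # contradictory open and close
    return "normal"


def build_header(sport: int, dport: int, seq: int, ack: int, flags: int) -> bytes:
    """Constructed sample: 20-byte header, window 8192, checksum left at 0."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 8192, 0, 0)


if __name__ == "__main__":
    samples = {
        "server handshake reply": build_header(443, 51000, 1000, 2001, SYN | ACK),
        "segment with no flags": build_header(443, 51000, 0, 0, 0),
    }
    for name, header in samples.items():
        print(f"{name}: {classify(header)}")
```
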
mfg1

ASKER

Hi, IPS isn't activated at all.

Is there any rule that can be created without having to add-on the IPS security?
Adding IPS will not stop the problem, it is what I thought caused it.

I can freely access the https://box.com site from my office and I am behind a Sonicwall. It might have something to do with the fact that your PRO2040 is quite old, and may not do things the same as the newer devices.

Do you have the latest version of SonicOS for the PRO2040?
mfg1

ASKER

Yeah, we do have the latest version.

It is one of our customers with the issue. What is weird is we pulled their configuration and uploaded onto a spare one we have here, then changed the wan settings and we can access the site without any problems.

Only difference is we are on BT and they are on talktalk.
If you connect a laptop directly to the ISP router at your customer location, can you access the site?
mfg1

ASKER

Yeah, that works fine.
If you can, my next step would be to bring the spare Sonicwall you configured with their setup to their office, plug it in and see what happens.
mfg1

ASKER

Yeah that is already booked in for Thursday evening, so will see how that goes :)
When you say "...pulled their configuration and uploaded onto a spare one we have here...", did you do this manually or export/import settings? If it was a settings export/import, was the firmware the same as the production unit or a lower version?

Are you running SonicOS standard or enhanced?

Are any of the following checked?
Network > DNS
    Enable DNS Rebinding Attack Prevention
    If yes, what is the action?
Firewall Settings > Advanced
    Enable IP header checksum enforcement
    Enable UDP checksum enforcement
Firewall Settings > Flood Protection
    Enforce strict TCP compliance with RFC 793 and RFC 1122
        Enable TCP handshake enforcement
    Enable TCP checksum enforcement
    Enable TCP handshake timeout
    What is the SYN Flood Protection Mode set to?

Security Services > Summary
    What is the Security Services Setting set to: Performance Optimized or Maximum Security?
mfg1

ASKER

We exported then imported onto the new one. Both on the same firmware.

It is standard.

Network DNS > Can't find this setting on the 2040.

Firewall settings advanced >  Both are not enabled.

Firewall Settings Flood Protection > First two can't see these settings, bottom two are not enabled.

Security Services Summary > Can't see this setting on the 2040 within here.


Switched on all of these and tried again but no luck:

Enable IP Header checksum enforcement  
Enable TCP checksum enforcement  
Enable UDP checksum enforcement  
Enable ICMP checksum enforcement
It could be a firmware bug.

I haven't seen anyone talk about rebooting the firewall. I know it's an obvious one but sometimes the obvious ones are glossed over for their very being.

Do you have an active CGSS license? If so, and if App Control or SSL Control are available, disable both and retest. In fact, if you haven't already disabled all Security Services (if applicable), do so and retest.

When did this start occurring? If it was good previously, try going into Safe Mode on the SonicWALL. To do that, go to the System > Settings menu (it will be under the Firmware Management section) and there you can access the SafeMode menu and boot to the last known configuration or the last stored firmware version.

The Pro 2040 has passed End of Support (EOS), which was July 1, 2013...so this would be an opportune time to get the customer into an NSA 2400 firewall upgrade, which is the recommended upgrade path by SonicWALL.

Let me know how it goes.
mfg1

ASKER

Yeah the router has been rebooted a few times.

Not for this client unfortunately & all security services are disabled.

Hard to tell as they have only just started using https://box.com so cannot give a time frame.

Will have to try that out of hours, so will give it a go tonight as got maintenance booked in.

Yeah, we are trying to get them to upgrade to a new device, but sometimes asking a customer to spend 2000+ isn't an easy option :)

I did notice on mysonicwall there is - Newer Software Version 3.1.6.6-p_9s released but you need an active support contract to download it, therefore they are running on 3.1.6.5-p_8s. Can't seem to find it anywhere else on the net unfortunately either.
Gotcha. Well here's hoping the previous firmware version will do it.
Did you swap in your spare Sonicwall, and if so did it make any difference?
mfg1

ASKER

Happening tonight Carl at 6pm UK time.
mfg1

ASKER

Still didn't work with our spare one that we had here. Could not access the site still.

As it was just a plug and play test due to time constraints, we are going back at the weekend where we will have more time.

Going to factory default the Sonicwall and try again. Also going to take a TZ210 and try that.

Will update on Monday with the outcome.
Since you will have a little time, I suggest that after you go to factory defaults and reset the interface addresses, that you try this site before you add any other programming. Essentially with nothing but the default Sonicwall settings.

At that point I assume it will work. Then add the rest one at a time starting with the security services, until it fails.

If it does not work as above, I would try the same with the TZ210, since it will have a later version of the SonicOS.
ASKER CERTIFIED SOLUTION
mfg1

This solution is only available to members.
Murphy in the house! My gosh! Well, I'm glad it's all taken care of!
You can select your answer (http:#a39520374) to close this question.

Let me know if you have any questions!