Sonicwall TZ170 login credentials have changed...cant get access

I have a Sonicwall TZ170 running the enhanced OS (intrusion prevention, monitorin, etc) and have only had it for the last 2 months.

i work with an external IT engineer, and late last week reported to me that his settings and access had been lost, however my rmote access and login access to the firewall were fine (we use the same username/password).

As of monday i now cant accss the firewall due to bad username or password. Only chagned i have made int he firewall are ports, i have ad created a few servies and access rules and forwarded a few ports.

Now i have contacted sonicwall and they have said that configuring ports and services in no way can afftect/alter the login credentials...the only way that it could have been changed is if it had been changed purposly and that even if someone have "hacked in" the enhanced OS and other features would have notified me and known and would have most likely prevented this....

Is it somehow possible in any way shape or form that forwarding ports would have caused this??? anyone input would be greatly appreciated...
secoadminAsked:
Who is Participating?
 
jasonpaineConnect With a Mentor Commented:
Did you get rid of the corupt firmware, to verify download the Tech Support Report from the system > Diagnostics at the top of the page...previous firmware has a - negative sign then corrupt
The corrupt firmware was locking you out.
create a inbound and outbound NAT policy for SMTP to go with your access rule
http://www.sonicwall.com/support/pdfs/SOS2e_Enhanced_NAT_Policies_How_To.pdf
see page 9,10;11
0
 
jasonpaineCommented:
Forwarding ports and adding firewall access rules would not cause the password to change
On the system administration page is where you change the password, but to change you must know the old password to change to a new password.  Have you tried accessing it from the wan and lan. if the username password worked for you it should have worked for him.
If your firmware got corrupt things like this could be possible
0
 
jasonpaineCommented:
from sonicwall's website:
If the SonicWALL's admin password is lost, there is no backdoor or other mechanism to bypass the administrator login. Please note that prefs files do not contain the admin name and password. So if you reset the firmware and import a current prefs file, you can gain access using the default login credentials ('admin' & 'password'). Without a current prefs file, you must reset the firmware and configure from scratch.

For models running SonicOS (Enhanced or Standard), you can reboot to factory defaults. This resets all settings including the admin name, password and LAN IP address. Import the current prefs file. The configuration is restored and use the defaults 'admin' and 'password' to login.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
secoadminAuthor Commented:
so configuring new access rules or forwarding ports couldnt have corrupted settings in the firewall either???

0
 
jasonpaineCommented:
Usually corrupted firmware comes from importing new firmware over the existing firmware. you can change the access rule to allow https management from a certain IP only. Have you tried connenting from the lan of the sonicwall. If https management is not enalbed you can not connect from the outside only inside the network. if you can not connect with username password from the lan reboot reset by holding in the reset button then you will go into safe mode then use admin password and boot with current settings this will not take out all of your settings.
0
 
secoadminAuthor Commented:
i will give that a go.

yeah i have tried connecting from within the lan and it tells me wrong username and or password.
0
 
budchawlaCommented:
The only way I can think you may lock yourself out of a sonicwall by editing firewall rules is to disable HTTP/HTTPS access to the administration interface... but then that should give you problems accessing the login page, not give you a bad password error..

At the risk of sounding condescending, are you sure you are using the right password? Have you tried from a different PC to make sure it's not a keyboard issue or something similar? Do you have any local users set up on the firewall with "limited management capabilities"?
0
 
secoadminAuthor Commented:
i have tried from different pc's with diff username and passwords and no luck....
0
 
budchawlaCommented:
I'm guessing you don't have a backup of the current settings, otherwise as jasonpaine mentioned above you would be best served by resetting the box and importing your settings...
Once you're convinced that you are using the correct password, and that it's not being typed funny etc, AFAIK you have no option but to reset the device...
0
 
jasonpaineCommented:
Any luck getting into the sonicwall?
0
 
secoadminAuthor Commented:
no not yet, i know i will have to re-do the firewall and start from scratch but more of just to ascertain as to how you get locked out of a firewall when you ahvnt changed the password
0
 
jasonpaineCommented:
Not sure how you got locked out...usaully if a firewall access  rule got changed you would not be able to access the sonicwall...
Good luck on the reconfig
0
 
secoadminAuthor Commented:
when i say access rule as in setting new ports.
specifiying the service and what port it will use (access rule) and then forwarding the forwarding the port..............today i will try the safemode boot and see if that works if not blow it away and start from scratch
0
 
secoadminAuthor Commented:
i booted into safe mode.

i donwlaoded the backup images it had and then loaded the sonicwall from scaratch. it was a corrupt firmware  as i tried ot load the backed up firm ware and it said oculdnt load as it was corrupt....

so firewall is up and running.

however now i cant mail coming in..sending is fine but receiveing no go...i have created the access rule to allow:

WAN to LAN -> SMTP (p.25) to 192.168.1.2 (exchange Ip address) and no mail...lol
0
 
secoadminAuthor Commented:
hmm okie dokie will have a look.

with NATing we dont do that from the Firewall, the Router does the NATing.

i tried:

WAN to LAN
WAN Primary IP -> Exchange IP on port 25

and no good, i did this last itme i setup the firewall it was something small i was forgetting or something in the settings that i did but cant remember waht it was

0
 
secoadminAuthor Commented:
ohh sorry i mis read your post, my bad

will do now and let you know
0
 
secoadminAuthor Commented:
i am having trouble adding the NAt policy.....it is not as straight forward because we are running the upgraded OS?
0
 
jasonpaineCommented:
What version are you using 3.2  3.6?
0
 
secoadminAuthor Commented:
3.2

i am pretty sure i haev the access rule setup correctly, buts its the NAT policy that i am unsure off

WAN - LAN
WAN Primary IP -> SMTP -> Exchange
0
 
jasonpaineCommented:
On your Network > NAT Policies page: add
outbound NAT
0
 
secoadminAuthor Commented:
i figured out the NAt policy, but i realised i forgot to allow pop3 in the acces rule to retreive mail......lol

thanks jasonpaine your a gun!!!!
0
 
jasonpaineCommented:
Opps
Outbound nat
smtp server private
smtp server private
any
original
x0
x1
enable nat

inbound
smtp server public
smtp server private
smtp
original
x1
any
enable
0
 
jasonpaineCommented:
glad to help!!
0
 
jasonpaineCommented:
is all well wit ht he sonicwall?
0
 
jasonpaineCommented:
Anything else
0
 
secoadminAuthor Commented:
nah hat shoudl bd it the rest ic an try and figure out thanks again
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.