Solved

Sonicwall TZ170 login credentials have changed...cant get access

Posted on 2006-11-29
26
327 Views
Last Modified: 2010-04-08
I have a Sonicwall TZ170 running the enhanced OS (intrusion prevention, monitorin, etc) and have only had it for the last 2 months.

i work with an external IT engineer, and late last week reported to me that his settings and access had been lost, however my rmote access and login access to the firewall were fine (we use the same username/password).

As of monday i now cant accss the firewall due to bad username or password. Only chagned i have made int he firewall are ports, i have ad created a few servies and access rules and forwarded a few ports.

Now i have contacted sonicwall and they have said that configuring ports and services in no way can afftect/alter the login credentials...the only way that it could have been changed is if it had been changed purposly and that even if someone have "hacked in" the enhanced OS and other features would have notified me and known and would have most likely prevented this....

Is it somehow possible in any way shape or form that forwarding ports would have caused this??? anyone input would be greatly appreciated...
0
Comment
Question by:secoadmin
  • 12
  • 12
  • 2
26 Comments
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18042444
Forwarding ports and adding firewall access rules would not cause the password to change
On the system administration page is where you change the password, but to change you must know the old password to change to a new password.  Have you tried accessing it from the wan and lan. if the username password worked for you it should have worked for him.
If your firmware got corrupt things like this could be possible
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18042488
from sonicwall's website:
If the SonicWALL's admin password is lost, there is no backdoor or other mechanism to bypass the administrator login. Please note that prefs files do not contain the admin name and password. So if you reset the firmware and import a current prefs file, you can gain access using the default login credentials ('admin' & 'password'). Without a current prefs file, you must reset the firmware and configure from scratch.

For models running SonicOS (Enhanced or Standard), you can reboot to factory defaults. This resets all settings including the admin name, password and LAN IP address. Import the current prefs file. The configuration is restored and use the defaults 'admin' and 'password' to login.
0
 

Author Comment

by:secoadmin
ID: 18042594
so configuring new access rules or forwarding ports couldnt have corrupted settings in the firewall either???

0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18042648
Usually corrupted firmware comes from importing new firmware over the existing firmware. you can change the access rule to allow https management from a certain IP only. Have you tried connenting from the lan of the sonicwall. If https management is not enalbed you can not connect from the outside only inside the network. if you can not connect with username password from the lan reboot reset by holding in the reset button then you will go into safe mode then use admin password and boot with current settings this will not take out all of your settings.
0
 

Author Comment

by:secoadmin
ID: 18042664
i will give that a go.

yeah i have tried connecting from within the lan and it tells me wrong username and or password.
0
 
LVL 10

Expert Comment

by:budchawla
ID: 18047625
The only way I can think you may lock yourself out of a sonicwall by editing firewall rules is to disable HTTP/HTTPS access to the administration interface... but then that should give you problems accessing the login page, not give you a bad password error..

At the risk of sounding condescending, are you sure you are using the right password? Have you tried from a different PC to make sure it's not a keyboard issue or something similar? Do you have any local users set up on the firewall with "limited management capabilities"?
0
 

Author Comment

by:secoadmin
ID: 18049501
i have tried from different pc's with diff username and passwords and no luck....
0
 
LVL 10

Expert Comment

by:budchawla
ID: 18049529
I'm guessing you don't have a backup of the current settings, otherwise as jasonpaine mentioned above you would be best served by resetting the box and importing your settings...
Once you're convinced that you are using the correct password, and that it's not being typed funny etc, AFAIK you have no option but to reset the device...
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18064573
Any luck getting into the sonicwall?
0
 

Author Comment

by:secoadmin
ID: 18064653
no not yet, i know i will have to re-do the firewall and start from scratch but more of just to ascertain as to how you get locked out of a firewall when you ahvnt changed the password
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18087043
Not sure how you got locked out...usaully if a firewall access  rule got changed you would not be able to access the sonicwall...
Good luck on the reconfig
0
 

Author Comment

by:secoadmin
ID: 18089304
when i say access rule as in setting new ports.
specifiying the service and what port it will use (access rule) and then forwarding the forwarding the port..............today i will try the safemode boot and see if that works if not blow it away and start from scratch
0
 

Author Comment

by:secoadmin
ID: 18090196
i booted into safe mode.

i donwlaoded the backup images it had and then loaded the sonicwall from scaratch. it was a corrupt firmware  as i tried ot load the backed up firm ware and it said oculdnt load as it was corrupt....

so firewall is up and running.

however now i cant mail coming in..sending is fine but receiveing no go...i have created the access rule to allow:

WAN to LAN -> SMTP (p.25) to 192.168.1.2 (exchange Ip address) and no mail...lol
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 7

Accepted Solution

by:
jasonpaine earned 500 total points
ID: 18090277
Did you get rid of the corupt firmware, to verify download the Tech Support Report from the system > Diagnostics at the top of the page...previous firmware has a - negative sign then corrupt
The corrupt firmware was locking you out.
create a inbound and outbound NAT policy for SMTP to go with your access rule
http://www.sonicwall.com/support/pdfs/SOS2e_Enhanced_NAT_Policies_How_To.pdf
see page 9,10;11
0
 

Author Comment

by:secoadmin
ID: 18090299
hmm okie dokie will have a look.

with NATing we dont do that from the Firewall, the Router does the NATing.

i tried:

WAN to LAN
WAN Primary IP -> Exchange IP on port 25

and no good, i did this last itme i setup the firewall it was something small i was forgetting or something in the settings that i did but cant remember waht it was

0
 

Author Comment

by:secoadmin
ID: 18090346
ohh sorry i mis read your post, my bad

will do now and let you know
0
 

Author Comment

by:secoadmin
ID: 18090422
i am having trouble adding the NAt policy.....it is not as straight forward because we are running the upgraded OS?
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18090707
What version are you using 3.2  3.6?
0
 

Author Comment

by:secoadmin
ID: 18090729
3.2

i am pretty sure i haev the access rule setup correctly, buts its the NAT policy that i am unsure off

WAN - LAN
WAN Primary IP -> SMTP -> Exchange
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18090786
On your Network > NAT Policies page: add
outbound NAT
0
 

Author Comment

by:secoadmin
ID: 18090798
i figured out the NAt policy, but i realised i forgot to allow pop3 in the acces rule to retreive mail......lol

thanks jasonpaine your a gun!!!!
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18090808
Opps
Outbound nat
smtp server private
smtp server private
any
original
x0
x1
enable nat

inbound
smtp server public
smtp server private
smtp
original
x1
any
enable
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18090811
glad to help!!
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18097394
is all well wit ht he sonicwall?
0
 
LVL 7

Expert Comment

by:jasonpaine
ID: 18108411
Anything else
0
 

Author Comment

by:secoadmin
ID: 18111982
nah hat shoudl bd it the rest ic an try and figure out thanks again
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Sonic Firewall re-routing 443 wrong server IP 10 89
Sonicwall Email los and Alerts 1 55
Logging pfSense on Kiwi 4 63
Sonicwall Traffic 17 77
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now