• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 666
  • Last Modified:

Setting up GVC access on TZ170 OPT

I have a few TZ170 sonicwall firewalls deployed.  On the main site we've hooked up an additional internet provider to the OPT port to get some redundancy.  My site to site VPNs will connect flawlessly on both the WAN and the OPT port when one connection goes down.  However I'm unable to get the Global VPN Client to connect on the OPT port.  The sonicwall is dropping the packets but I don't see any firewall rule telling it to do that.

2      11/19/2008 17:02:36.848      Notice      Network Access      UDP packet dropped      [CLIENT IP ADDRESS], 500, OPT      [OPT PORT IP ADDRESS], 500, OPT      UDP ISAKMP      
0
dkwiebe
Asked:
dkwiebe
1 Solution
 
airwrckCommented:
greetings, dkwiebe - Remeber, unless a protocol is explicitly *allowed* inbound on a firewall, there will be a default deny (the very last rule in the list).  Look through your firewall>access rules and find the Key Exchange (IKE) rule.  (It's usually a built-in rule that can't be enabled or disabled).  If the source is WAN and destination is LAN, you'll need to add a similar rule for OPT.  If there are two rules, make sure you add the reverse rule (LAN -> OPT), too.
0
 
dkwiebeAuthor Commented:
Thanks for your help.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now