Solved

Sonicwall tz190 drops WAN traffic after 10 - 20 mins

Posted on 2009-02-24
Last Modified: 2013-11-16
Hi,

We run Sonicwalls for all our external connections. On Friday our subsidiary office noticed their internet connection was down and contacted their cable company, who said the modem was reporting "weird issues", so they sent someone down to replace the modem. 15 mins after the tech left, the connection went down again.
The IT guy at the office discovered that rebooting the sonicwall brought the connection back up but it would fall over 15ish minutes later.
We've been on the phone with sonicwall and tried all of their ideas so far, plugging only one client computer into the firewall, upgrading the firmware, checking the number of connections etc.

The strange thing is, if you change the WAN connection from a static address to a DHCP address (or the other way around) the connection comes back up as if the process of changing the interface (down up) clears something somewhere.

I discovered that if you clear the ARP cache the connection comes back up as well.
Now I've found that if I set the "ARP Cache entry timeout" down to 1 minute from the default of 10, internet connectivity still drops, but only for a few pings, then comes back up.

By connection dropping I mean you just can't ping anything on the WAN side, although as far as I see the sonicwall reports nothing wrong in any logs; it just silently starts dropping WAN traffic.

I'm also not sure whether this happened first or if the change of cable modem is causing some incompatibility somewhere.

Anyone got any ideas before I speak to Sonicwall's call center again :-(

Cheers,

Dave
0
Question by:daveywilks
5 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 23729634
Am not 100% sure, but in smaller boxes of Watchguard SOHO6 we usually used to hit a problem when the network was infested with malware: all the NAT ports on SOHO6 used to get eaten away by malicious traffic, bringing all outbound internet traffic to a standstill.
Rebooting the box, or removing the rogue machine from the network used to help.

From your description it sounds like a similar problem; I am not familiar with whether we can see NAT table usage on Sonicwall, or whether we can manually free it.

Thank you.
0
 
LVL 1

Expert Comment

by:jyarborough
ID: 24976307
I am having a very similar issue with a TZ190. I believe I have narrowed it down to the VPN services causing/contributing to the problem. I implemented it at our client's site with WAN->Cable Modem, WWAN->AT&T 3G Wireless card, and dynamic VPN to our data center's Cisco ASA.

At the client site with the VPN active, the WAN port seems to go offline after about 20 minutes. If I go in to the management page and disable the VPN, the WAN link seems to come right back up. This device is supposed to replace a Cisco PIX 501 which has been working with the same VPN setup for years, so I don't think it is a configuration issue unless there is a timeout hidden somewhere on SonicWall.

I brought the device back to our office and ran my workstation off of it for a week without problems but I did not have the VPN tunnel up.  I am going to take it back and do more testing to see if enabling the VPN from our office causes the same problems.

Please let me know if you had any success troubleshooting this.
0
 

Expert Comment

by:ccreech
ID: 32834216
I am having the same issue as well. Our VPN users get a silently dropped connection after 20 mins or so. Outlook freaks out and says it is trying to connect to our Exchange server. If the user disconnects and reconnects, it is fine for another 20-30 mins.
0
 
LVL 1

Expert Comment

by:jyarborough
ID: 32834400
I had actually found a solution to our problem by calling tech support. The first few people I spoke with didn't really seem to have a clue, but I finally got one guy that confirmed it was an ARP issue. Basically the cable modem network in our area is privately on a 10.x.x.x network, so the SonicWall was seeing what it considered a private IP address on the WAN port. It would then apparently block that MAC address, which happened to be the MAC address of the cable modem (the same one used to pass our public IP info), which would cause the connection to "drop". The tech support guy had me go into some advanced screen and toggle an option for allowing ARP from private addresses on the WAN. We had to type in the URL; it was not a clickable link, but there were a bunch of very advanced options in there. I wish I could find exactly what the URL was or what the option was, but if you call support they should be able to tell you.
0
 
LVL 1

Expert Comment

by:jyarborough
ID: 37729711
I had this come up again and I finally dug up the page.  I did a Google search for "sonicwall hidden config page" and found it is:  https://<ip_of_sonicwall>/diag.html.  Thanks to http://blog.pfuender.net/?p=345 for the refresher.

Inside there, you need to enable the setting for "Enable open ARP behavior (WARNING: Insecure!!)".  This will allow the system to respond to ARP requests from addresses which are not within the configured network of the interface.

Hopefully this helps someone!
0
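
A diagnostic for the condition described in this thread, added here as an example and not taken from any poster or from SonicWall: it reads ARP requests seen on the WAN segment and reports any MAC address that announces a sender IP outside the WAN interface's configured subnet, noting whether that MAC is also the gateway's. The capture lines are constructed (modelled on `tcpdump -e -n arp` output), and the function name and all addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on `tcpdump -e -n arp`; not a real capture.
SAMPLE_CAPTURE = """\
12:00:01.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
12:00:05.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 10.12.0.1, length 46
12:00:09.000000 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.77 tell 203.0.113.40, length 46
"""

# Source MAC from the link-layer header, sender IP from the "tell" field.
ARP_REQUEST = re.compile(
    r"^\S+ (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > .*"
    r"Request who-has (?P<target>\S+) tell (?P<sender>[0-9.]+)",
    re.IGNORECASE,
)


def audit_wan_arp(capture, wan_cidr, gateway_ip):
    """Return one finding per MAC that sent ARP from outside the WAN subnet.

    wan_cidr is the firewall's WAN address with prefix, e.g. "203.0.113.10/24"
    (hypothetical value); gateway_ip is the configured default gateway.
    """
    wan = ipaddress.ip_interface(wan_cidr).network
    gateway = ipaddress.ip_address(gateway_ip)

    senders_by_mac = defaultdict(set)
    for line in capture.splitlines():
        m = ARP_REQUEST.match(line)
        if m:
            senders_by_mac[m["mac"].lower()].add(ipaddress.ip_address(m["sender"]))

    findings = []
    for mac, senders in sorted(senders_by_mac.items()):
        off_subnet = sorted(ip for ip in senders if ip not in wan)
        if not off_subnet:
            continue  # every ARP from this MAC fits the interface's network
        findings.append({
            "mac": mac,
            "off_subnet": [str(ip) for ip in off_subnet],
            # is_private covers RFC 1918 and other non-global ranges
            "private": [str(ip) for ip in off_subnet if ip.is_private],
            # True when the same MAC also speaks for the default gateway,
            # i.e. ignoring this MAC would take the WAN link down.
            "is_gateway_mac": gateway in senders,
        })
    return findings
```

A finding with `is_gateway_mac` set matches the case reported above, where the modem's MAC carries both the public gateway address and a 10.x.x.x address; off-subnet senders from any other MAC are the traffic that the open ARP setting would also start accepting.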
