Sonicwall tz190 drops WAN traffic after 10 - 20 mins

Posted on 2009-02-24
Last Modified: 2013-11-16

We run Sonicwalls for all our external connections. On Friday our subsidiary office noticed their internet connection was down and contacted their cable company, who said the modem was reporting "weird issues", so they sent someone down to replace the modem. 15 mins after the tech left, the connection went down again.
The IT guy at the office discovered that rebooting the sonicwall brought the connection back up but it would fall over 15ish minutes later.
We've been on the phone with sonicwall and tried all of their ideas so far, plugging only one client computer into the firewall, upgrading the firmware, checking the number of connections etc.

The strange thing is, if you change the WAN connection from a static address to a DHCP address (or the other way around) the connection comes back up as if the process of changing the interface (down up) clears something somewhere.

I discovered that if you clear the ARP cache the connection comes back up as well.
Now I've found that if I set the "ARP Cache entry timeout" down to 1 minute from the default of 10, internet connectivity still drops, but only for a few pings, then comes back up.

By connection dropping I mean you just can't ping anything on the WAN side, although as far as I see the Sonicwall reports nothing wrong in any logs; it just silently starts dropping WAN traffic.

I'm also not sure whether this happened first or if the change of cable modem is causing some incompatibility somewhere.

Anyone got any ideas before I speak to Sonicwall's call center again :-(


Question by:daveywilks

    Accepted Solution

    I am not 100% sure, but on the smaller Watchguard SOHO6 boxes we used to hit a problem when the network was infested with malware: all the NAT ports on the SOHO6 used to get eaten away by malicious traffic, bringing all outbound internet traffic to a standstill.
    Rebooting the box, or removing the rogue machine from the network, used to help.

    From your description it sounds like a similar problem; I am not sure whether we can see NAT table usage on the Sonicwall, or whether we can manually free it.

    Thank you.

    Expert Comment

    I am having a very similar issue with a TZ190. I believe I have narrowed it down to the VPN services causing/contributing to the problem. I implemented it at our client's site with WAN->Cable Modem, WWAN->AT&T 3G Wireless card, and dynamic VPN to our data center's Cisco ASA.

    At the client site with the VPN active, the WAN port seems to go offline after about 20 minutes. If I go in to the management page and disable the VPN, the WAN link seems to come right back up. This device is supposed to replace a Cisco PIX 501 which has been working with the same VPN setup for years, so I don't think it is a configuration issue unless there is a timeout hidden somewhere on SonicWall.

    I brought the device back to our office and ran my workstation off of it for a week without problems but I did not have the VPN tunnel up.  I am going to take it back and do more testing to see if enabling the VPN from our office causes the same problems.

    Please let me know if you had any success troubleshooting this.

    Expert Comment

    I am having the same issue as well. Our VPN users get a silently dropped connection after 20 mins or so. Outlook freaks out and says it is trying to connect to our Exchange server. If the user disconnects and reconnects, it is fine for another 20-30 mins.

    Expert Comment

    I had actually found a solution to our problem by calling tech support. The first few people I spoke with didn't really seem to have a clue, but I finally got one guy that confirmed it was an ARP issue. Basically the cable modem network in our area is privately on a 10.x.x.x network, so the SonicWall was seeing what it considered a private IP address on the WAN port. It would then apparently block that MAC address, which happened to be the MAC address of the cable modem (the same one used to pass our public IP info), which would cause the connection to "drop". The tech support guy had me go into some advanced screen and toggle an option for allowing ARP from private addresses on the WAN. We had to type in the URL; it was not a clickable link, but there were a bunch of very advanced options in there. I wish I could find exactly what the URL was or what the option was, but if you call support they should be able to tell you.

    Expert Comment

    I had this come up again and I finally dug up the page.  I did a Google search for "sonicwall hidden config page" and found it is:  https://<ip_of_sonicwall>/diag.html.  Thanks to for the refresher.

    Inside there, you need to enable the setting for "Enable open ARP behavior (WARNING: Insecure!!)".  This will allow the system to respond to ARP requests from addresses which are not within the configured network of the interface.

    Hopefully this helps someone!
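
Added example (not part of the thread and not SonicWall code): a way to confirm the condition described in the comments above from a WAN-side capture before turning on the open ARP setting. It assumes `tcpdump -e -n arp` style text; the capture lines, addresses, MACs and the function name `audit_wan_arp` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample capture (tcpdump -e -n arp style); all values are made up.
SAMPLE_CAPTURE = """\
12:00:01.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
12:00:31.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 10.20.0.1, length 46
12:00:40.000000 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.77 tell 203.0.113.40, length 46
12:01:01.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 10.20.0.1, length 46
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ARP_RE = re.compile(
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > .*"
    r"Request who-has (?P<target>[\d.]+) tell (?P<sender>[\d.]+)"
)

def audit_wan_arp(capture, wan_cidr, gateway_ip):
    """List MACs that ARP for our WAN IP from a sender outside the WAN subnet."""
    wan = ipaddress.ip_interface(wan_cidr)
    gateway = ipaddress.ip_address(gateway_ip)
    seen = {}  # source MAC -> set of ARP sender IPs it used
    for line in capture.splitlines():
        m = ARP_RE.search(line)
        if not m or ipaddress.ip_address(m["target"]) != wan.ip:
            continue  # not an ARP request for the firewall's WAN address
        seen.setdefault(m["mac"], set()).add(ipaddress.ip_address(m["sender"]))
    findings = []
    for mac, senders in sorted(seen.items()):
        # Senders outside the WAN subnet are the ones the open ARP setting affects.
        off = sorted(ip for ip in senders if ip not in wan.network)
        if off:
            findings.append({
                "mac": mac,
                "off_subnet_senders": [str(ip) for ip in off],
                "rfc1918": all(any(ip in n for n in RFC1918) for ip in off),
                # True when the same MAC also speaks as the default gateway,
                # i.e. ignoring it would take the WAN path down.
                "is_gateway_mac": gateway in senders,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_wan_arp(SAMPLE_CAPTURE, "203.0.113.10/24", "203.0.113.1"):
        print(finding)
```

A finding with `is_gateway_mac` set matches the cable-modem case from the thread; off-subnet senders from any other MAC are what the setting's "Insecure" label is about, since open ARP would answer them too.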
