Solved

Can't PING SonicWall NSA 2400 from WAN

Posted on 2009-04-07
2
9,198 Views
Last Modified: 2013-11-29
I've read several articles, but still can't get my Sonicwall NSA 2400 to answer pings from the WAN. I understand that I should be able to do this in one of two ways:

1.) Forward PING traffic on to LAN server
2.) Forward to internal interface of Sonicwall

Due to the nature of the tests I need to run (for the ISP, who would REALLY like me to be able to ping the Sonicwall directly in order to remove any LAN device problems from equation), I need to make option 2 work.

I've tried to add firewall and NAT policies, and have pretty much stuck with using the 'Add Public Server Wizard' to create them. Here is what the wizard confirms it's going to do at the end:

---------------------------------------------------------

Public Server Configuration Summary

Please review the settings below and click "Apply" to create the new objects listed below.

Server Address Objects
  1. Create 'SW NSA LAN Interface Private' assigned to LAN Zone for Host 192.168.40.254.
  2. Reuse 'X1 IP' address object assigned to WAN Zone for 'INTERNET IP ADDRESS HERE''.

Server Service Group Object
  1. Create 'SW NSA LAN Interface Services' with Ping Service.

Server NAT Policies
  1. Create Inbound Server NAT Policy to rewrite packets to original destination 'X1 IP' to translated destination 'SW NSA LAN Interface Private'.
  2. Create Outbound Server NAT Policy to rewrite packets from 'SW NSA LAN Interface Private' to translated source 'X1 IP'.
  3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 'INTERNET IP ADDRESS HERE'.

Server Access Rules
  1. WAN > LAN - Allow 'Any' to 'X1 IP' for Service Group 'SW NSA LAN Interface Services'.
  Similar rules will be created from all lower security zones to the LAN zone.

To apply these settings, click Apply. To continue, click Next

----------------------------------------------------------------------------

At this point I click 'Apply' and the OS confirms the process was successful. I can then confirm that all the entries mentioned above seem to be in place, however pings to the WAN address still fail, and the log on the NSA continues to display the following:

------------------------------------------------------------------------------
      04/08/2009 00:34:01.304      Notice      Network Access      ICMP packet dropped due to policy      'MY SOURCE INTERNET IP ADDRESS HERE', 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
-------------------------------------------------------------------------------

Any ideas?

0
Comment
Question by:ajahnke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 24095256
Simpler still.

Go into Networks, Interfaces, click on the icon to configure the WAN interface.

At the bottom of the main dialog there's a row of check boxes next to the word "Management". These will all be off by default. Turn on the one marked "ping" and save - the Sonicwall will now respond normally to Ping and Traceroute requests from the WAN side.

If you have a dual-wan setup, do the same on the port being used for the second WAN connection.

0
 

Author Closing Comment

by:ajahnke
ID: 31567900
OMG - how dumb! They're being a little too clever for my own good. Thank you for the solution - worked perfectly. Not to mention that I removed all the rest of the configuration I had tried to add - apparently this management rule sets up its own Access Rules, etc.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I know for anybody starting from Beginner to Expert in Networking knows what OSI model. But this tutorial is for freshers or those who are new to networking world. Why I am putting OSI in such simple and compact manner is because it enables you to k…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question