Solved

Can't PING SonicWall NSA 2400 from WAN

Posted on 2009-04-07
Last Modified: 2013-11-29
I've read several articles, but still can't get my Sonicwall NSA 2400 to answer pings from the WAN. I understand that I should be able to do this in one of two ways:

1.) Forward PING traffic on to LAN server
2.) Forward to internal interface of Sonicwall

Due to the nature of the tests I need to run (for the ISP, who would REALLY like me to be able to ping the Sonicwall directly in order to remove any LAN device problems from the equation), I need to make option 2 work.

I've tried to add firewall and NAT policies, and have pretty much stuck with using the 'Add Public Server Wizard' to create them. Here is what the wizard confirms it's going to do at the end:

---------------------------------------------------------

Public Server Configuration Summary

Please review the settings below and click "Apply" to create the new objects listed below.

Server Address Objects
  1. Create 'SW NSA LAN Interface Private' assigned to LAN Zone for Host 192.168.40.254.
  2. Reuse 'X1 IP' address object assigned to WAN Zone for 'INTERNET IP ADDRESS HERE'.

Server Service Group Object
  1. Create 'SW NSA LAN Interface Services' with Ping Service.

Server NAT Policies
  1. Create Inbound Server NAT Policy to rewrite packets to original destination 'X1 IP' to translated destination 'SW NSA LAN Interface Private'.
  2. Create Outbound Server NAT Policy to rewrite packets from 'SW NSA LAN Interface Private' to translated source 'X1 IP'.
  3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 'INTERNET IP ADDRESS HERE'.

Server Access Rules
  1. WAN > LAN - Allow 'Any' to 'X1 IP' for Service Group 'SW NSA LAN Interface Services'.
  Similar rules will be created from all lower security zones to the LAN zone.

To apply these settings, click Apply. To continue, click Next

----------------------------------------------------------------------------

At this point I click 'Apply' and the OS confirms the process was successful. I can then confirm that all the entries mentioned above seem to be in place; however, pings to the WAN address still fail, and the log on the NSA continues to display the following:

------------------------------------------------------------------------------
      04/08/2009 00:34:01.304      Notice      Network Access      ICMP packet dropped due to policy      'MY SOURCE INTERNET IP ADDRESS HERE', 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
-------------------------------------------------------------------------------

Any ideas?

Question by:ajahnke
Accepted Solution

by: ccomley (earned 500 total points)
ID: 24095256
Simpler still.

Go into Networks, Interfaces, click on the icon to configure the WAN interface.

At the bottom of the main dialog there's a row of check boxes next to the word "Management". These will all be off by default. Turn on the one marked "ping" and save - the Sonicwall will now respond normally to Ping and Traceroute requests from the WAN side.

If you have a dual-wan setup, do the same on the port being used for the second WAN connection.


Author Closing Comment

by:ajahnke
ID: 31567900
OMG - how dumb! They're being a little too clever for my own good. Thank you for the solution - worked perfectly. Not to mention that I removed all the rest of the configuration I had tried to add - apparently this management rule sets up its own Access Rules, etc.

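The log entry in the question shows a ping dropped with the firewall's own interface address (192.168.40.254) as its destination, which is the case the accepted answer fixes with the interface's Management "ping" checkbox. The sketch below is an added example, not part of the original thread and not SonicWall code: it parses rows in the layout of that one quoted line and separates pings aimed at the firewall itself from pings forwarded to a LAN host. The column layout, the second sample row, the address 203.0.113.10 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample. Row 1 is the entry quoted in the question with the
# redacted source replaced by a documentation address; row 2 is invented
# for contrast (a LAN host instead of the firewall's own interface).
SAMPLE_LOG = """\
04/08/2009 00:34:01.304      Notice      Network Access      ICMP packet dropped due to policy      203.0.113.10, 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
04/08/2009 00:35:12.118      Notice      Network Access      ICMP packet dropped due to policy      203.0.113.10, 52804, X1      192.168.40.10, 8, X0      ICMP Echo, Code: 0
"""

# Assumption: the firewall's own interface addresses, here the LAN interface
# address taken from the wizard summary in the question.
FIREWALL_INTERFACE_IPS = {"192.168.40.254"}
DROP_MESSAGE = "ICMP packet dropped due to policy"


def parse_line(line):
    """Split one log row into fields; return None if it does not fit.

    Assumed layout (inferred from the single line on this page): columns
    separated by runs of two or more spaces, endpoints as 'ip, number, iface'.
    """
    cols = re.split(r"\s{2,}", line.strip())
    if len(cols) != 7:
        return None
    src = [p.strip() for p in cols[4].split(",")]
    dst = [p.strip() for p in cols[5].split(",")]
    if len(src) != 3 or len(dst) != 3:
        return None
    return {"time": cols[0], "priority": cols[1], "category": cols[2],
            "message": cols[3], "src_ip": src[0], "src_iface": src[2],
            "dst_ip": dst[0], "dst_iface": dst[2], "notes": cols[6]}


def triage(log_text, own_ips=FIREWALL_INTERFACE_IPS):
    """Classify dropped pings by where the fix lives."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["message"] != DROP_MESSAGE:
            continue
        # Destination is the firewall itself: the interface's Management
        # "ping" checkbox governs it (the accepted fix in this thread).
        # Otherwise the ping was forwarded to a host: review NAT/access rules.
        target = "firewall-interface" if entry["dst_ip"] in own_ips else "forwarded-host"
        findings.append((entry["src_ip"], entry["src_iface"], entry["dst_ip"], target))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
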