  • Status: Solved
  • Priority: Medium
  • Security: Public

Can't PING SonicWall NSA 2400 from WAN

I've read several articles, but still can't get my Sonicwall NSA 2400 to answer pings from the WAN. I understand that I should be able to do this in one of two ways:

1.) Forward PING traffic on to LAN server
2.) Forward to internal interface of Sonicwall

Due to the nature of the tests I need to run (for the ISP, who would REALLY like me to be able to ping the Sonicwall directly in order to remove any LAN device problems from the equation), I need to make option 2 work.

I've tried to add firewall and NAT policies, and have pretty much stuck with using the 'Add Public Server Wizard' to create them. Here is what the wizard confirms it's going to do at the end:

---------------------------------------------------------

Public Server Configuration Summary

Please review the settings below and click "Apply" to create the new objects listed below.

Server Address Objects
  1. Create 'SW NSA LAN Interface Private' assigned to LAN Zone for Host 192.168.40.254.
  2. Reuse 'X1 IP' address object assigned to WAN Zone for 'INTERNET IP ADDRESS HERE''.

Server Service Group Object
  1. Create 'SW NSA LAN Interface Services' with Ping Service.

Server NAT Policies
  1. Create Inbound Server NAT Policy to rewrite packets to original destination 'X1 IP' to translated destination 'SW NSA LAN Interface Private'.
  2. Create Outbound Server NAT Policy to rewrite packets from 'SW NSA LAN Interface Private' to translated source 'X1 IP'.
  3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 'INTERNET IP ADDRESS HERE'.

Server Access Rules
  1. WAN > LAN - Allow 'Any' to 'X1 IP' for Service Group 'SW NSA LAN Interface Services'.
  Similar rules will be created from all lower security zones to the LAN zone.

To apply these settings, click Apply. To continue, click Next

----------------------------------------------------------------------------

At this point I click 'Apply' and the OS confirms the process was successful. I can then confirm that all the entries mentioned above seem to be in place, however pings to the WAN address still fail, and the log on the NSA continues to display the following:

------------------------------------------------------------------------------
      04/08/2009 00:34:01.304      Notice      Network Access      ICMP packet dropped due to policy      'MY SOURCE INTERNET IP ADDRESS HERE', 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
-------------------------------------------------------------------------------

Any ideas?

Asked by: ajahnke

1 Solution

ccomley Commented:
Simpler still.

Go into Networks, Interfaces, click on the icon to configure the WAN interface.

At the bottom of the main dialog there's a row of check boxes next to the word "Management". These will all be off by default. Turn on the one marked "ping" and save - the Sonicwall will now respond normally to Ping and Traceroute requests from the WAN side.

If you have a dual-wan setup, do the same on the port being used for the second WAN connection.


ajahnke (Author) Commented:
OMG - how dumb! They're being a little too clever for my own good. Thank you for the solution - worked perfectly. Not to mention that I removed all the rest of the configuration I had tried to add - apparently this management rule sets up its own Access Rules, etc.
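
To confirm from an exported log whether WAN pings are still being dropped by policy, entries in the layout quoted in the question can be parsed and tallied per source and destination. This is an added example, not part of the original thread; it assumes columns are separated by two or more spaces as in the pasted line, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the log entry quoted in the question.
# Source addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
04/08/2009 00:34:01.304      Notice      Network Access      ICMP packet dropped due to policy      203.0.113.10, 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
04/08/2009 00:34:02.310      Notice      Network Access      ICMP packet dropped due to policy      203.0.113.10, 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
04/08/2009 00:35:10.002      Notice      Network Access      ICMP packet dropped due to policy      198.51.100.7, 1201, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
04/08/2009 00:36:44.120      Info      Network Access      Web management request allowed      192.168.40.20, 4410, X0      192.168.40.254, 443, X0      TCP HTTPS
--- export truncated ---
"""

FIELD_SEP = re.compile(r"\s{2,}")  # assumption: columns are split by 2+ spaces or tabs
DROP_MSG = "ICMP packet dropped due to policy"

def parse_line(line):
    """Split one log line into named fields; return None if it does not fit the layout."""
    cols = FIELD_SEP.split(line.strip())
    if len(cols) != 7:
        return None
    src, dst = [c.split(", ") for c in cols[4:6]]  # each is "ip, port-or-type, interface"
    if len(src) != 3 or len(dst) != 3:
        return None
    return {"time": cols[0], "priority": cols[1], "category": cols[2], "message": cols[3],
            "src_ip": src[0], "src_if": src[2], "dst_ip": dst[0], "dst_if": dst[2], "notes": cols[6]}

def icmp_policy_drops(log_text):
    """Count policy-dropped ICMP packets per (src IP, src iface, dst IP, dst iface)."""
    drops, skipped = Counter(), 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # line did not match the expected column layout
        elif rec["message"] == DROP_MSG:
            drops[(rec["src_ip"], rec["src_if"], rec["dst_ip"], rec["dst_if"])] += 1
    return drops, skipped

if __name__ == "__main__":
    drops, skipped = icmp_policy_drops(SAMPLE_LOG)
    for (src_ip, src_if, dst_ip, dst_if), n in drops.most_common():
        print(f"{n} dropped: {src_ip} ({src_if}) -> {dst_ip} ({dst_if})")
    print(f"{skipped} line(s) skipped as unparseable")
```

A destination of the LAN interface address on X0, as in the question's log entry, shows the packet was already rewritten by the inbound NAT policy before it was dropped.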