Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can't PING SonicWall NSA 2400 from WAN

Posted on 2009-04-07
2
Medium Priority
?
9,233 Views
Last Modified: 2013-11-29
I've read several articles, but still can't get my Sonicwall NSA 2400 to answer pings from the WAN. I understand that I should be able to do this in one of two ways:

1.) Forward PING traffic on to LAN server
2.) Forward to internal interface of Sonicwall

Due to the nature of the tests I need to run (for the ISP, who would REALLY like me to be able to ping the Sonicwall directly in order to remove any LAN device problems from equation), I need to make option 2 work.

I've tried to add firewall and NAT policies, and have pretty much stuck with using the 'Add Public Server Wizard' to create them. Here is what the wizard confirms it's going to do at the end:

---------------------------------------------------------

Public Server Configuration Summary

Please review the settings below and click "Apply" to create the new objects listed below.

Server Address Objects
  1. Create 'SW NSA LAN Interface Private' assigned to LAN Zone for Host 192.168.40.254.
  2. Reuse 'X1 IP' address object assigned to WAN Zone for 'INTERNET IP ADDRESS HERE''.

Server Service Group Object
  1. Create 'SW NSA LAN Interface Services' with Ping Service.

Server NAT Policies
  1. Create Inbound Server NAT Policy to rewrite packets to original destination 'X1 IP' to translated destination 'SW NSA LAN Interface Private'.
  2. Create Outbound Server NAT Policy to rewrite packets from 'SW NSA LAN Interface Private' to translated source 'X1 IP'.
  3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 'INTERNET IP ADDRESS HERE'.

Server Access Rules
  1. WAN > LAN - Allow 'Any' to 'X1 IP' for Service Group 'SW NSA LAN Interface Services'.
  Similar rules will be created from all lower security zones to the LAN zone.

To apply these settings, click Apply. To continue, click Next

----------------------------------------------------------------------------

At this point I click 'Apply' and the OS confirms the process was successful. I can then confirm that all the entries mentioned above seem to be in place, however pings to the WAN address still fail, and the log on the NSA continues to display the following:

------------------------------------------------------------------------------
      04/08/2009 00:34:01.304      Notice      Network Access      ICMP packet dropped due to policy      'MY SOURCE INTERNET IP ADDRESS HERE', 52803, X1      192.168.40.254, 8, X0      ICMP Echo, Code: 0
-------------------------------------------------------------------------------

Any ideas?

0
Comment
Question by:ajahnke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Accepted Solution

by:
ccomley earned 2000 total points
ID: 24095256
Simpler still.

Go into Networks, Interfaces, click on the icon to configure the WAN interface.

At the bottom of the main dialog there's a row of check boxes next to the word "Management". These will all be off by default. Turn on the one marked "ping" and save - the Sonicwall will now respond normally to Ping and Traceroute requests from the WAN side.

If you have a dual-wan setup, do the same on the port being used for the second WAN connection.

0
 

Author Closing Comment

by:ajahnke
ID: 31567900
OMG - how dumb! They're being a little too clever for my own good. Thank you for the solution - worked perfectly. Not to mention that I removed all the rest of the configuration I had tried to add - apparently this management rule sets up its own Access Rules, etc.
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question