
Routing between interfaces

I have an existing Sonicwall 2040 that has been using the X0, X1 and X2 interfaces for WAN and two local subnets.  Everything works.  This morning, I configured the X3 interface and connected to another local Subnet that I am now responsible for, but the routing is not working.  I can ping both sides from the Sonicwall, but I can't access anything through it.

I will provide details when they are asked for.

David
Asked by: david_griswold
 
SimpsonThePhil Commented:
Check your default rule base for a default deny rule that could be dropping the packets.  Also check your NAT and reflective NAT policies to ensure they're not expecting or doing something inbound or outbound on the interface.  Oh, and I forgot: I think you can only use X3 if you've got the enhanced OS installed, although this was on the older models. Not sure, I haven't bought one in a couple of years.  Hope this helps.

Phil
 
david_griswold (Author) Commented:
Thanks.  I have gone over the firewall and NAT rules and see nothing in there that would deny access.  My 2040 is running SonicOS Enhanced 4.0.0.2-51e.
 
SimpsonThePhil Commented:
Have you looked at the routing table? You may need to add a static route between the interfaces. You would assume the 2040 would automatically know this, but then again it is a firewall, so it should not automatically route between interfaces.
 
david_griswold (Author) Commented:
OK, this is weird.  The X0 interface belongs to our default LAN, so its IP address (192.168.0.1) is the default gateway for any non-local traffic.  X3 is 192.168.15.0 with an IP of 192.168.15.252 - it is not the default gateway for the 192.168.15.0/24 LAN.  So, I configure a static route on one of the PCs on the .15.0 network, and now it can see (ping) the .0.0 network.

On my PC (or any other on the .0.0) I should be able to ping something on the .15.0 network without a static route, since 192.168.0.1 is my default router.  But I can't.  So, I set up a static route, even though it is not needed, and I still can't ping anything on the .15.0 network.

I have been doing this a while (19 years) and have set up and configured a few firewalls/routers, but this makes no sense at all.  I thought for sure it was some hidden setting on the Sonicwall, but with traffic flowing in at least one direction, I am not so sure now.

Any other ideas?

David
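The first-hop behaviour described in the post above can be modelled with a longest-prefix-match lookup. This is an added example, not part of the original thread: the X0 and X3 addresses come from the post, while `OTHER_GW`, `PC_A` and `PC_B` are assumed or constructed values. It shows that a .15.0 host with only its existing default gateway sends replies away from the SonicWall, so the firewall sees one direction of the flow, and that the static route puts both directions back through it.

```python
import ipaddress

ON_LINK = "on-link"          # destination is on the host's own subnet
X0_IP = "192.168.0.1"        # SonicWall X0 (from the thread)
X3_IP = "192.168.15.252"     # SonicWall X3 (from the thread)
OTHER_GW = "192.168.15.1"    # assumed: the .15.0 LAN's existing default gateway
PC_A = "192.168.0.10"        # constructed host on the .0.0 LAN
PC_B = "192.168.15.50"       # constructed host on the .15.0 LAN


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def both_ways_via(firewall_ips, a_routes, a_ip, b_routes, b_ip):
    """True only if each host's first hop toward the other is the firewall."""
    return (next_hop(a_routes, b_ip) in firewall_ips and
            next_hop(b_routes, a_ip) in firewall_ips)


# Host routing tables as (prefix, gateway) pairs.
LAN_HOST = [("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", X0_IP)]
NEW_HOST = [("192.168.15.0/24", ON_LINK), ("0.0.0.0/0", OTHER_GW)]
NEW_HOST_FIXED = NEW_HOST + [("192.168.0.0/24", X3_IP)]  # static route added

if __name__ == "__main__":
    fw = {X0_IP, X3_IP}
    for label, routes in (("default only", NEW_HOST),
                          ("with static route", NEW_HOST_FIXED)):
        print(label, "-> reply leaves via", next_hop(routes, PC_A),
              "| both directions through SonicWall:",
              both_ways_via(fw, LAN_HOST, PC_A, routes, PC_B))
```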
 
david_griswold (Author) Commented:
OK, never mind.  Seems the few hosts on the .15.0 network I was using for testing (ping) were the issue.  I can ping everything else, it seems.  So, now I just have to figure out what is wrong with those hosts and I should be good.

Thanks anyway.
 
SimpsonThePhil Commented:
OK, I don't confess to being an IP God like the guys I work with. However, although 0.1 is your default gateway from the PC, the SonicWall still needs to know where to route from there, so unless there is a static route that directs all 15.x via X3 or you have a routing protocol enabled, I still don't think it will route by default.  I do remember one thing though: the 2040 makes what should be simple difficult.

If I remember correctly, the routing table needs to specify both inbound and outbound interfaces.  Is the new network directly connected or is it over les10, ethernet or t1 etc?  Not that this makes any difference.  I'll check out the two I've got configured for a client now and get back to you.

Phil
 
SimpsonThePhil Commented:
Ok,

Check the zone that the interface is in, you may need to create one.  Ensure the security type is trusted and you check interface trust.

I also had to add a static route; however, I am routing between two 2040s over a private LES10 which I have IP numbered.

Phil