Sonicwall TZ210 and Netgear GS748TP connection errors

We recently needed to upgrade our internal LAN to gigabit so we purchased a Netgear GS748TP since we have a need for PoE on VoIP phones. We have been running on our Sonicwall TZ210 for about 6 months now with no issue and it is downlinked on the LAN port to a 10/100 Cisco/Linksys switch with no issues. I got the new Netgear unit in and loaded the latest firmware which is 5.0.0.14 (http://kb.netgear.com/app/products/model/a_id/2459). When we plugged the Sonicwall LAN side into the new Netgear we get a red Link/Speed light on the top line for the LAN port of the Sonicwall. Generally nothing on the network works at that point. I believe this is a speed/duplex issue, but I tried manually configuring both units and no combination seemed to work. There were almost limitless options with auto/full/half and 10/100/1000 combo's on both units together. Even with one configuration that greened up the Sonicwall port, everything was still spotty on LAN connectivity.

Sonicwall Firmware - SonicOS Enhanced 5.3.0.1-17o
Netgear GS748TP Firmware - v5.0.0.14

Any detail on seeing this before would be great. Just looking to solve the apparent duplex issue between these 2 units and very curious as to why auto sensing on both unit ports does not work.

On a side note, we thought the Netgear unit was bad so we sent it back and got another RMA unit back. Uploaded the same latest firmware and it did the exact same thing. The Netgear unit was easily configured with the private IP stack and accessible within the LAN and seems to have no major issues. The fact that both identical units did the same thing led me away from the idea that this was a hardware issue. We used multiple patch cables as well to rule our physical connectivity as a simply issue.
David RobertsAsked:
Who is Participating?
 
digitapCommented:
Here is a PDF that describes ways to remove portshield.
Configure-Portshield.pdf
0
 
digitapCommented:
Try unassigning the port shield interfaces that are tied to the LAN.
0
 
Cas KristCommented:
Pls try to update the firmware on the Sonicwall, we had a similar issue with a Cisco switch.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
Cas KristCommented:
Hmmmm, the only version of firmware I can find for the TZ210 is 5.1.3.2-35o
0
 
Cas KristCommented:
Something odd going on at mysonicwall, I can only see 'old' firmware versions.
0
 
Cas KristCommented:
Seems to be OK now, newest general release is 5.5.2.0-3o.
0
 
digitapCommented:
Reviewing a very long forum thread on Sonicwall's forums regarding this issue, I found the following as another solution:

Hi Guys... I seem to have found a work around for this problem. We have a network with 300+ nodes and we are using the tz-210 dedicted for 2 IPSEC tunnels. Once I installed the sonicwall all kinds of strange things started happening; even though we weren't using it as a firewall internet connections would drop servers were unreachable all of the workstations would throw a 'Duplicate name exist' error and the network was all around slow. I tried all of the recomendations posted here and nothing helped. I ended up reconfiguring the lan port with the default 192.168.1.0 network and unplugged it from our 3com switch. Then I used x6 for our internal 131.x.x.x network; all of the problems seemed to have cleared up. I don't know if the problem is a mfg defect or s/w bug but I hope this is helpfull for someone.

Since the forum was dated from September, I would think SW would have come up with a firmware release to resolve this issue, but you never know.
0
 
David RobertsAuthor Commented:
caskrist - Upgrading the TZ 210 unit now to 5.5.2.0-3o. Will try the switch swap again at the end of the day today and report back.

digitap - Where/how do you unassign port shield interfaces tied to the LAN. I see port shield interfaces under Network - Interfaces/Port Shield Groups but not sure exactly what you are saying to do. Never done it before.
0
 
Cas KristCommented:
You can unassign on the interfaces table.
0
 
David RobertsAuthor Commented:
Took the latest "general release" firmware straight off MySonicwall.com site for the TZ 210. Tried to upload it 2x and failed both times. Now looks like I will be on the phone with Sonicwall support to figure out why such a basic thing will not work?? Very dissapointed in Sonicwall at the moment. Not sure if this is a firmware, hardware (port X1) or what other type of issue if not a combination of all. Starting to wonder why I dumped my perfectly reliable Linksys RV042 for a more complex and "secure" Sonicwall??
0
 
digitapCommented:
Well, I wouldn't knock ALL of SW yet.  Some of their models are better than others.  For the longest time TZ170 was a solid appliance.  When they stopped making those over a newer model, we started deploying the newer model.  We soon found the newer model had challenges with cable modems that the TZ170 didn't have.  The newer model wouldn't take an IP address.  Our clients had to pay extra and get a static IP.  Even after that, they still would have off and on connectivity challenges.  We worked with the ISP and SW for months before we found that the MTU on the WAN needed to be adjusted.  After that, it was flawless.  Now, as soon as we take the SW out of the box, we adjust the MTU.  Anyway, I don't really like the 210 and mostly deploy NSA series appliances.
0
 
Cas KristCommented:
Maybe connect a notebook directly to the Sonicwall to flash it (not through the Netgear).
0
 
David RobertsAuthor Commented:
digitap - what MTU do you guys use on SW for cable modems? We have a Comcast as our secondary WAN that we have yet to make live due to more pressing issues but I am very curious what you use to avoid this problem when it arrives. I am guessing default is something like 1500 and maybe you set it to 1492?
0
 
digitapCommented:
yes, default is 1500.  We use the following procedure to find the MTU:

- ping -f -l 1500 www.google.com
- You'll get a response regarding dropped packets.
- Continued to decrease 1500 by 8 until you get a reply.
- Decrease by another 8 and use that as your MTU.
0
 
David RobertsAuthor Commented:
Upgraded to new firmware in safe mode because normal upgrade procedures did not work. That did not help anything. One of my internal guys went to the new Sonicwall Network Security Essentials 2 Day Training today. We talked this evening about port shields and for whatever reason, apparently X3/4/5/6 are different on the LAN side than X0. I plugged the new switch into X3 and magically it linked up green vs. red. We are going to test the network now by unplugging X0 from the current LAN switch and then use the new X3 port to the new switch for the default LAN. Seems a little strange but we are testing now to see if that works at least temporarily and then we can dig deeper to see what it takes to get this new switch to work on X0 for the default LAN. Will reply back asap. Sorry for the delay in responses as we were waiting on Sonicwall to give us new procedure for firmware upgrade that actually works.
0
 
digitapCommented:
That's great information.  Will wait to hear back.
0
 
David RobertsAuthor Commented:
OK, so far so good on the X3 port. Going to talk to my internal guy more tomorrow and have him ask the trainer in the class more about the real differences between X0 and X3/4/5/6. Did a ping -f -l 1500 www.google.com on my home connection which is the same Comcast provider and got all the way down to 1452 before I got clean responses on all 4 packets?? That seems awfully low. I am going to test it tomorrow at the office (source of the original issue) to see if WAN2 port has similiar results with Comcast cable service. I went ahead and set my home office Sonicwall MTU to 1444 which is the lowest I have ever done. Seems strange that cable providers would have settings on their network that low in comparison to normal WAN connection types. I will report more tomorrow if the X3 port and above turn out to be truly different than X0 LAN port. Thanks so far for all the valuable info.
0
 
digitapCommented:
No problem.  My MTUs are usually above 1400s.  I guess I'm not suprised.  Some times I don't even have to change from the standard 1500.
0
 
David RobertsAuthor Commented:
In the end, turns out Sonicwall has an issue talking to smart switches on the base LAN port. Move it to X3 or higher and it magically works. We learned alot with the input provided that helped quite a bit on troubleshooting both this issue and others we have dealt with. Thanks.
0
 
digitapCommented:
Glad we could help and thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.