Solved

Can't Pass Traffic on my SonicWall NSA 240

Posted on 2010-08-20
Last Modified: 2012-05-10
Hi, I need some help configuring a SonicWall NSA 240 with Enhanced 3.x OS

I have a network that consists of a Sonicwall NSA 240, three Linksys switches, some thin clients plugged into the Linksys switches and a server for the Thin Clients. I’m extending my network and placing some thin clients in other locations. I am attempting to do this by using my NSA 240 to segregate my network (exactly like I am currently doing with 2 other networks using NSA 4500’s). However, I haven’t been very successful. My current NSA 240 setup is this:

WAN = Transparent Mode – 201.50.0.10 – 255.255.0.0
Interface X3 = Thin Clients – Transparent Mode – Assigned a Thin Client Zone
Interface X8 = Server – Transparent Mode – Assigned to a Server zone
Thin Clients Address Object - range from 201.50.2.130 – 180 - Assigned to the Thin Client Interface
Server Address Object is 201.50.2.1 - Assigned to the Server Interface
Extended Thin Clients = 100 – 120 IP range coming in from WAN assigned to the WAN Interface

Firewall = Wide Open / Bi-Directional / any-any
Thin Clients setup with Static IP info

** Future setup will involve other networks passing through the WAN – 201.50.X.X and 201.50.X.X **

I’m trying to route my thin client switches into Interface X3 and out of Interface X8, and my extended clients coming in on the WAN (X1) to Interface X8 (when I route my WAN traffic out of an interface and into the thin client switches, the thin client traffic starts going into the SonicWall and dropping packets instead of going straight to the Thin client server). Although I see that the traffic is getting to the NSA 240 and the ARP cache is building, the SonicWall keeps dropping “ARP” requests and “BOOTP” requests.

Any suggestion would be greatly appreciated.
Question by:mritwonderful

Expert Comment

by:mattolan
If you have a support contract with SonicWall for this device I would call them; I have found their support staff very helpful with such issues in the past (although sitting on hold does suck).
Author Comment

by:mritwonderful
Unfortunately I do not have a support contract.
Expert Comment

by:jimmyray7
Can you post your current routing entries?
Expert Comment

by:digitap
Although I don't understand exactly why you have your firewall configured as completely wide open to the internet, it should be routing traffic. If it's not, then you might have a firewall rule blocking traffic. Firewall > Access Rules: check the thin client zone to the other zones you want to pass the traffic to.
Author Comment

by:mritwonderful
Digitap

I currently have it open just to see if I can get the traffic to pass; once I get this working I'll lock it down. I have no access rules blocking any traffic, and nothing shows up in the logs as being dropped and associated with a specific rule, but if I do a Packet Capture I can see that the ARP Requests and the BOOTP traffic are getting dropped. I agree with you; it should be routing traffic.
Author Comment

by:mritwonderful
Jimmyray7,

As much as I would love to share them (I know that would probably add some more insight to the issue), I don't know if that would be possible, but I will look into it tomorrow.

Thanks
Expert Comment

by:digitap
Do the drop entries look something like this?

Ethernet Header
Ether Type: ARP(0x806), Src=[00:23:7d:eb:17:4a], Dst=[02:17:c5:11:91:9a]
ARP Packet:
ARP TYPE: ARP Response
Sender MAC Address: 00:23:7d:eb:17:4a
Sender IP Address: 192.168.201.103
Target MAC Address: 02:17:c5:11:91:9a
Target IP Address: 10.112.241.1
Value:[0]
DROPPED, Drop Code: 13, Module Id: 46, (Ref.Id: _259_jcpfngKpeqokpiCtrTgurqpug) 1:0)

Expert Comment

by:digitap
Here is a KB configuring transparent mode on the WAN interface.  Maybe there's something here that might lead you to a solution.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5979
Author Comment

by:mritwonderful
I will check the dropped entries tomorrow to verify if they are similar.
Author Comment

by:mritwonderful
digitap,

I checked the dropped entries and they're not exact. Mine are "Drop Code 13", which is something like "No ARP Bridge Link established". What I'm thinking is I'll have to set up an L2 Bridge between X3 and X8 to get the traffic to pass and create another interface, "X6", in transparent mode to pass the WAN traffic to the server. As soon as I get a chance to make the changes I will post my results.
Accepted Solution

by:digitap earned 500 total points
I believe you are on the right track.  You might also consider adding a manual ARP entry.  Check out the link below to the differences between L2 and Transparent bridging.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5976&p=t
Author Comment

by:mritwonderful
Yep, that's the same article I saw earlier today. When I read the "Path Determination", that's what made me think that I'll have to go L2. Apparently I can't use Transparent Mode and route traffic through two separate interfaces while also using the WAN interface as a main ingress/egress point. At least that's how I'm interpreting it.
Expert Comment

by:digitap
That's what I thought when you first indicated your configuration, but I've never tried it before... the article seems to indicate otherwise. I'm wondering, though, if a static ARP would solve your challenge?
Expert Comment

by:digitap
Was it a static ARP? Thanks for the points!
Expert Comment

by:cmaohio
I am having this same problem, and my packets are being "consumed". The MAC address of the destination computer is completely different from the one listed in the packet I posted below. I don't know how to add a manual ARP entry. How do you do that? I have only one machine (not specific to an IP) that won't speak through the firewall to my VPN. I change the IP and it still fails.


Ethernet Header
 Ether Type: IP(0x800), Src=[00:25:84:b8:a6:ff], Dst=[02:17:c5:16:64:3c]
IP Packet Header
 IP Type: UDP(0x11), Src=[10.0.2.93], Dst=[10.10.0.54]
UDP Packet Header
 Src=[51173], Dst=[6129], Checksum=0x8e4d, Message Length=20 bytes
Application Header
 Not Known:
Value:[0]
Consumed, Module Id:21 1:0)
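Both capture entries in this thread (digitap's ARP "DROPPED" entry earlier and the UDP "Consumed" entry just above) share one text layout, and when a box is dropping hundreds of ARP or BOOTP frames the useful question is "which drop code, which module, from and to which addresses", not a single pasted packet. The script below is an added example written for this thread; it is not SonicWall code and not anything either poster ran. It turns pasted packet-capture text into records and one-line summaries. The grammar is inferred from only those two samples, so section and field names beyond them are assumptions. The `decode_ref_id` helper is an observation, not documented vendor behaviour: shifting each letter of the sample Ref.Id back by two yields a readable handler name, which helps when matching drop codes to what the firewall thought it was doing.

```python
"""SonicWall packet-capture text -> records. Added example for this thread, not
SonicWall code; layout inferred from the two captures posted above, so field
names beyond those two samples are assumptions."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the two entries pasted in this thread (ARP drop, UDP "Consumed").
SAMPLE_CAPTURE = """\
Ethernet Header
Ether Type: ARP(0x806), Src=[00:23:7d:eb:17:4a], Dst=[02:17:c5:11:91:9a]
ARP Packet:
ARP TYPE: ARP Response
Sender MAC Address: 00:23:7d:eb:17:4a
Sender IP Address: 192.168.201.103
Target MAC Address: 02:17:c5:11:91:9a
Target IP Address: 10.112.241.1
Value:[0]
DROPPED, Drop Code: 13, Module Id: 46, (Ref.Id: _259_jcpfngKpeqokpiCtrTgurqpug) 1:0)

Ethernet Header
 Ether Type: IP(0x800), Src=[00:25:84:b8:a6:ff], Dst=[02:17:c5:16:64:3c]
IP Packet Header
 IP Type: UDP(0x11), Src=[10.0.2.93], Dst=[10.10.0.54]
UDP Packet Header
 Src=[51173], Dst=[6129], Checksum=0x8e4d, Message Length=20 bytes
Application Header
 Not Known:
Value:[0]
Consumed, Module Id:21 1:0)
"""

SECTION_RE = re.compile(r"^(\S.*?)(?: Header|:)$")           # "IP Packet Header", "ARP Packet:"
BRACKET_RE = re.compile(r"([A-Za-z][\w ]*?)=\[([^\]]*)\]")   # Src=[...], Dst=[...]
KV_RE = re.compile(r"^\s*([A-Za-z][\w. ]*?)\s*[:=]\s*(.+?)\s*$")  # "Key: v" or "Key=v"


@dataclass
class CaptureEntry:
    status: str                            # first word of the last line: DROPPED, Consumed, ...
    drop_code: Optional[int] = None
    module_id: Optional[int] = None
    ref_id: Optional[str] = None
    fields: Dict[str, str] = field(default_factory=dict)   # "Section.Key" -> value

    def summary(self) -> str:
        """One triage line: verdict, protocol, L3 endpoints (ARP sender/target or IP src/dst), codes."""
        f = self.fields
        if "ARP Packet.Sender IP Address" in f:
            src, dst = f["ARP Packet.Sender IP Address"], f.get("ARP Packet.Target IP Address")
        else:
            src, dst = f.get("IP Packet.Src"), f.get("IP Packet.Dst")
        proto = f.get("Ethernet.Ether Type", "?").split("(")[0]
        extra = "" if self.drop_code is None else f" drop_code={self.drop_code}"
        if self.module_id is not None:
            extra += f" module={self.module_id}"
        return f"{self.status} {proto} {src} -> {dst}{extra}"


def _parse_fields(section: str, line: str, fields: Dict[str, str]) -> None:
    """'Key=[v]' pairs first, then comma-separated 'Key: v' / 'Key=v' leftovers."""
    for key, val in BRACKET_RE.findall(line):
        fields[f"{section}.{key.strip()}"] = val
    for part in BRACKET_RE.sub("", line).split(","):
        m = KV_RE.match(part)
        if m:
            fields[f"{section}.{m.group(1).strip()}"] = m.group(2)


def parse_entry(text: str) -> CaptureEntry:
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    verdict = lines.pop()                              # last line carries the disposition
    entry = CaptureEntry(status=re.split(r"[,\s]", verdict, maxsplit=1)[0])
    m = re.search(r"Drop Code:\s*(\d+)", verdict)
    entry.drop_code = int(m.group(1)) if m else None
    m = re.search(r"Module Id:\s*(\d+)", verdict)
    entry.module_id = int(m.group(1)) if m else None
    m = re.search(r"Ref\.Id:\s*([^\s)]+)", verdict)
    entry.ref_id = m.group(1) if m else None
    section = "Unknown"
    for ln in lines:
        if ln.startswith("Value:"):                    # payload marker; nothing to triage
            continue
        sm = SECTION_RE.match(ln)
        if sm:
            section = sm.group(1)
        else:
            _parse_fields(section, ln, entry.fields)
    return entry


def parse_capture(text: str) -> List[CaptureEntry]:
    """Entries are separated by blank lines in the pasted output."""
    return [parse_entry(b) for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]


def decode_ref_id(ref_id: str) -> str:
    """Shift each letter back by two within its case, after the leading '_NNN_'.
    Observation from this thread's sample only (it becomes a readable handler
    name); not documented vendor behaviour, so treat the result as a hint."""
    out = []
    for ch in re.sub(r"^_\d+_", "", ref_id):
        base = ord("a") if ch.islower() else ord("A") if ch.isupper() else None
        out.append(ch if base is None else chr((ord(ch) - base - 2) % 26 + base))
    return "".join(out)
```

Paste the whole output of a Packet Capture session into `SAMPLE_CAPTURE` (or read it from a file) and call `parse_capture`; `entries[0].summary()` gives `DROPPED ARP 192.168.201.103 -> 10.112.241.1 drop_code=13 module=46`, and a `collections.Counter` over `(e.status, e.drop_code)` shows at once whether every drop is the same code 13 the original poster saw or whether a second code is hiding in the noise. On the sample Ref.Id, `decode_ref_id` returns `handleIncomingArpResponse`, which lines up with the "no ARP bridge link" reading of drop code 13 in the thread.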