• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 850
  • Last Modified:

Sonicwall Dropping all incoming TCP Connections

Hello Experts,

I have another Sonicwall PRO 1260 Enhanced that I am having issues with all of a sudden. Out of all the firewalls that I manage Sonicwalls are the only ones that give me heartaches.

Starting on Friday, afternoon TCP Connections coming from he outside are being dropped. Nothing has really been changed to my knownledge. This account I have just taken over and I can't seem to figure out where this has gone wrong. I was notified when the End Users could no long remote in via SBS Remote Workplace. I went and did the normal and checked the server, and even rebooted the server. Still nothing, so I checked the firewall and looked at the logs and discovered all WAN TCP Connections are being dropped.

Now I created a backup of the device which is by habit of all firewalls I managed, and when I tried to restore the device Settings I am getting a "Error: Configurations Settings files is Corrupted" which is a firs for me.

Whats going on or what am I missing? Why would all Incoming WAN TCP Connections be dropped?

Thanks
0
rperault
Asked:
rperault
1 Solution
 
rperaultAuthor Commented:
Update:

From within the LAN I can get to all the addresses with no problem even using the WAN IP addresses and URLs
0
 
rperaultAuthor Commented:
Seriously no one has any ideas?
0
 
rfc1180Commented:
>Why would all Incoming WAN TCP Connections be dropped?
>Nothing has really been changed to my knownledge.

classic case of someone has the password and possibly made changes.

The firewall could be maxed out on sessions, but this would more than likely affect outgoing connections from LAN to WAN, but something to look into.

How is the packer flow through the device (pps), is the CPU and/or memory maxed?

>Error: Configurations Settings files is Corrupted
sounds like something is jacked; this is where you replace the device with spare as it appears there is an issue with saving files, possible bad hardware.

Billy
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
digitapCommented:
It's possible the hardware could be corrupt or even just the loaded firmware.  The sonicwall appliance has a factory image of the firmware burned in so that if the loaded image becomes corrupted, you can reboot to original factory defaults.  Of course, it means you'll have to rebuild from scratch.

There ware two ways to get a  backup of the sonicwall.  The configuration or create a firmware backup which includes the configuration.  I usually just get the configuration.  Is that what you have?

If so, you need to restore to factory and restore the configuration.  Pull the power, hold down the reset button, and apply power while holding in the reset.  Wait 15 seconds and try to connect to the sonicwall.  Sometimes it's the default 192.168.168.168, but sometimes it keeps the prior IP.  You'll boot into a safe mode where you can select the factory image to boot from.

Once you boot, you can login using the 192.168.168.168 IP and skip the wizard.  Go to the settings page and restore the configuration file.

If the image was corrupt, explaining why the ingress TCP connections were being dropped, then the backup image would be corrupt explaining the error you got.  I'm hoping you have the configuration settings.  It's best to start over.

Do you have the sonicwall on battery backup?  If a sonicwall is unplugged then immediately plugged in, then they some times go to factory defaults or the image becomes corrupt.  My guess is someone was messing with the power.  Perhaps they couldn't get to the Internet and they power cycled the sonicwall and didn't wait the recommended 15+ seconds before applying power.
0
 
Cas KristCommented:
When you start from scratch, you might as well put in the latest firmware again (when you are in safemode). This helped me in the past two times.
0
 
digitapCommented:
True...forgot to mention that.
0
 
digitapCommented:
So, what was the answer?  Appears you selected an answer to get it off your list.  Thanks for the clarification.
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now