Solved

Sonicwall TZ 210 Wireless N Clients with DHCP work fine, clients with Static IP address do not have internet access

Posted on 2010-09-18
Last Modified: 2012-05-10
I am using a TZ 210 from Sonicwall and I have no problems with users that connect via the WLAN with DHCP or users connected to the LAN ports with DHCP.
My problem is that I have 4-8 devices that have static IP addresses (internal LAN) and they cannot open any webpage. However, if I use the IP it works fine.

Any ideas why?
Thanks
0
Question by:parmor
12 Comments
 
LVL 2

Expert Comment

by:HFVgally
ID: 33709734
Are your statics using the same DNS servers as what your DHCP clients get served? Do an IPCONFIG /ALL from a command prompt on the client using DHCP.
Incidentally, had you considered using the Sonicwall DHCP to assign reserved IP addresses to the clients that have static addresses? You just need to know the MAC addresses of the clients to configure your reservations. That will also prevent the Sonicwall's DHCP server from inadvertently assigning the same IP as one of your statics (unless you have limited the scope and are assigning statics outside of that scope).
0
 
LVL 33

Expert Comment

by:digitap
ID: 33709919
True...compare the static IP settings with those of a client using DHCP.  Also, are these static assignments within the DHCP scope served by the windows server on the LAN?
0
 

Author Comment

by:parmor
ID: 33709996
Well it is/was a DNS Server issue.  Old Router I used one DNS server and it was the same as the Gateway. 192.168.1.1

Is there any way to do that?
The DHCP Servers are automatically getting my OpenDNS Servers.  When I manually change the static clients from 192.168.1.1 (DNS) to the two OpenDNS DNS servers, it works just fine.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33710134
So, your sonicwall is providing DHCP and it's configured with the OpenDNS servers so your DHCP clients subsequently get that server as well, right?

In my mind, you have to manually set everything else for the static clients so set whatever you want for DNS.  It seems you've clearly resolved the issue as being a DNS issue, but I'm not clear what challenge we're working with now.
0
 
LVL 2

Expert Comment

by:HFVgally
ID: 33710161
So the thing is that the Sonicwall DHCP will take the DNS servers you specified in your external interface setup and will in turn serve those back to DHCP clients as DNS servers. Watchguard, Sonicwall, Cisco and most other "true" firewalls don't automatically do forward lookups when you specify their internal LAN IP address as the DNS server, in my experience. Linksys, D-Link and similar consumer firewalls do. I'm not sure what the security rationale is for not letting the gateway do forward lookups unless there is a concern of a possible DNS lookup exploit.
I would suggest either just leave them as statically configured DNS servers on your static devices or set up some DHCP reservations in the Sonicwall based on the clients' MAC addresses if you want the firewall to do the work of handing out DNS. I would go with the latter simply to ensure that I only had one place to change DNS server settings in the future if I choose/need to.
0
 

Author Comment

by:parmor
ID: 33710386
So if I use static IP addresses on my clients, I now have to go to every one of them and change the DNS servers from 192.168.1.1 to 208.67.222.222 (OpenDNS)?

How can I get the Sonicwall to do its own lookups based on the WAN DNS Servers?
0
 
LVL 2

Assisted Solution

by:HFVgally
HFVgally earned 250 total points
ID: 33710431
Yes.
OR
Create DHCP reservations on the Sonicwall for each client with a static address. The Sonicwall will then hand out the static address to each client AND the correct external (OpenDNS) servers. You set your static address clients for DHCP, but they still get the same address each time so it is just as if they had manually assigned addresses - it's just that you are doing all of the manual entry in one place, the firewall, instead of at each client. That's what I would suggest, but you are going to have to touch each client initially anyway to make this change, so it's your call whether you just want to throw in the DNS addresses and have done with it for now.
I am fairly certain that you cannot get the Sonicwall to act as a DNS server and do forward lookups. Most business-grade firewalls don't permit this feature in my experience.
0
 
LVL 33

Accepted Solution

by:digitap
digitap earned 250 total points
ID: 33711145
The sonicwall won't do what you're asking.  You need a DNS server to do that.  A DNS server will use forwarders or root hints to provide name lookup to clients.  The sonicwall doesn't do this.

Is this not a windows active directory domain?  If you have a windows server, you have access to a DNS server.
0
 
LVL 2

Assisted Solution

by:HFVgally
HFVgally earned 250 total points
ID: 33712260
I am assuming that there is no AD based on the parameters of the question. It sounds like a peer-to-peer network which was using possibly a Linksys router before. Consumer routers like that DO act as DNS forwarders when you assign the gateway IP to the DNS server - they forward to the external DNS servers. Sonicwalls, Watchguards, etc. do not; possibly because of a security concern or because of complications that might be caused when firewall-to-firewall VPN tunnels are created.
But digitap does bring up a valid point. If you are in an active directory with a Windows 2000 or later server, you SHOULD have DNS set up on that server and all clients should point to the server as their primary (perhaps only) DNS server and that should in turn be doing all of the forward lookups. If this is the case, it would also be better to turn off DHCP on your firewall and instead configure DHCP on the server so that the server can dynamically register client IP addresses into its internal DNS domain.
Note that DNS on the server is only a requirement if you are using Active Directory, if you are just using local users and groups and keeping user account names and password synced manually between the server and clients, then this doesn't apply. If you are not using AD, you could set up DNS on the server, but there would be no practical advantage to it over what you are doing now.
0
 

Author Comment

by:parmor
ID: 33712541
Thanks everyone.  I do not have a domain, just a peer-to-peer workgroup.
This is my home network. I did have Belkin and Linksys routers prior to this router, so I was always using the router as the DNS server for forwarding.

It answers my question. Thanks All!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33712700
Glad we could help and thanks for the points!
0
