
SonicWall software: IPS Detection Alert ICMP Destination Unreachable 1 (Communication Administratively Prohibited)

Hi

I am constantly getting the following, with a "Source" of various IP addresses and a "Destination" of a server IP.

Also an error of IPS Detection Alert (ICMP Destination Unreachable)
and one about "Cache is full".

This is happening over and over and over again, at intervals of a few seconds.

Is there a program repeatedly trying to access some server, running in the background? If so, how do I identify it?

Thanks in advance
Asked: rwallacej
 
digitap Commented:
Are the Source IP addresses from the LAN or WAN?
 
rwallacej (Author) Commented:
hi, they are from WAN
 
digitap Commented:
To me, it seems your SonicWall is doing its job, blocking traffic that you are not allowing in from the Internet. The cache full error is that the source is trying so many times that it's filling the cache. See the link below regarding the message.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3549

Sounds like someone trying to hack into your system, but since your firewall is blocking, I don't think you need to worry. Of course, unless it's causing some other issue that is degrading the performance of your sonicwall.
 
rwallacej (Author) Commented:
Thanks, there are lots of connections, 30000+; there should be nothing like this amount.
A few times the remote desktop has been cut off with "another user" where no one else should be on... this was worrying. Also lots of "anonymous logon" in the security logs (I thought you needed a password for remote desktop).
I think there is a performance issue; sometimes my hosted sites work, then cut off.
 
digitap Commented:
What ports have you opened up WAN > LAN? Do you require your remote users to utilize a VPN?
 
rwallacej (Author) Commented:
Not sure which ports, I didn't configure it but can check (require only 80, 443?)
the remote users will only view websites ; only myself & one other needs to do remote desktop to servers, wherever we are (not fixed location), they are running windows 2003
 
digitap Commented:
Certainly confirm there aren't any strange ports open or ports open that might be a security hole. With remote connectivity being needed, I'd recommend using the sonicwall's vpn services. I'm not sure which sonicwall you have, but you should have some default licenses for the GVC. If you have a newer appliance then you have the ssl-vpn available to you.

You indicate remote users will only view websites; are those websites on the internet or on an internal web server on the other side of the SonicWall?
 
rwallacej (Author) Commented:
It's the 2040 I have. I'll need to find out how VPN works, as this is new.

the sites are on an internal  server with WWW.xxx.com address

hope this helps
 
rwallacej (Author) Commented:
will vpn satisfy my scenario (remote users wishing to logon to use servers & do server admin e.g. to update IIS sites etc.) - users don't have fixed ip addresses ?
 
digitap Commented:
Do you have the Enhanced or Standard sonicwall OS? You can find out by going to System > Status. Also, you'll want to make sure you are running the latest firmware.

Best practice is to ONLY open ports when needed. If you have remote users who need access to internal resources, put them on a VPN. Otherwise, you may be opening ports needlessly decreasing the effective security of your sonicwall. If you have an internal IIS and/or Exchange server, you should only have HTTP, HTTPS and SMTP open WAN > LAN.
 
rwallacej (Author) Commented:
I have the Enhanced version: SonicOS Enhanced 5.2.0.1-21o

I'll check the ports opened. Re: VPN, does this give the same features as Windows "Remote desktop", where I can log in from anywhere and use the server as if I were plugged in directly?

thanks
 
digitap Commented:
Yes. Once you have a VPN connection, it's as if you are directly on the network, only a little slower.
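
The first question asked in this thread is whether the alert sources are on the LAN or the WAN. As an added example (not part of the original thread), this Python script groups alert lines by source IP, labels each source LAN or WAN, and reports how often it repeats; the CSV layout, the sample lines and the 192.168.1.0/24 LAN range are assumptions made for illustration.

```python
import csv
import io
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts: time, source, destination, message.
# The column layout is an assumption for this example, not SonicWall's export format.
SAMPLE_LOG = """\
2010-05-01 10:00:01,203.0.113.7,192.168.1.10,IPS Detection Alert: ICMP Destination Unreachable
2010-05-01 10:00:02,198.51.100.23,192.168.1.10,IPS Detection Alert: ICMP Destination Unreachable
2010-05-01 10:00:04,203.0.113.7,192.168.1.10,IPS Detection Alert: ICMP Destination Unreachable
2010-05-01 10:00:05,192.168.1.55,192.168.1.10,IPS Detection Alert: ICMP Destination Unreachable
2010-05-01 10:00:07,203.0.113.7,192.168.1.10,IPS Detection Alert: ICMP Destination Unreachable
2010-05-01 10:00:12,198.51.100.23,192.168.1.10,IPS Detection Alert: ICMP Destination Unreachable
"""

def summarize(log_text, lan_cidrs=("192.168.1.0/24",)):
    """Per source IP: LAN or WAN side, alert count, targets, median seconds between alerts."""
    lans = [ipaddress.ip_network(c) for c in lan_cidrs]
    events = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 4:
            continue  # skip blank or truncated lines
        when = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        events[row[1]].append((when, row[2]))
    report = {}
    for src, seen in events.items():
        times = sorted(t for t, _ in seen)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        addr = ipaddress.ip_address(src)
        report[src] = {
            "side": "LAN" if any(addr in net for net in lans) else "WAN",
            "count": len(seen),
            "targets": sorted({dst for _, dst in seen}),
            "median_gap_s": statistics.median(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    # Busiest sources first; a LAN-side source points at an internal host to investigate.
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for src, info in rows:
        print(src, info)
```

A source labelled LAN would mean the traffic originates from a machine inside the network, which is the case the original question about a background program is asking about.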
 
Qlemo (C++ Developer) Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.