Solved

SonicWALL, SonicPoint errors in logs

Posted on 2011-05-06
Last Modified: 2013-12-27
I am receiving lots of errors in my logs for my firewall and do not know where they are coming from.  Not sure if it is a spoof or something else.  Can't find much on the Internet about this.  Example of the logs:

05/05/2011 07:20:33.176 - Error - Intrusion Prevention -       Drop WLAN traffic from non-SonicPoint devices -       172.16.40.16, 1900, X4 -       239.255.255.250, 1900 -
0
Question by:R4inc
10 Comments
 
LVL 20

Assisted Solution

by:carlmd
carlmd earned 1000 total points
ID: 35707040
It is saying that someone is trying to access your Sonicwall from an AP that is not a registered SonicPoint. In this scenario the Sonicwall is doing what it is supposed to and blocking the attempt.

Are you in a complex with lots of other wireless APs? Do an AP site survey to see what is around. Otherwise someone might be trying to hack your network.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35707623
How many sonicpoints do you have? How do you have them connected to your sonicwall? Essentially, the only traffic that is allowed on a sonicpoint "network" is traffic originating from the sonicwall WLAN interface and the sonicpoints. There is an option to enable other hosts to be on the network with the sonicpoints essentially on the same subnet as the sonicpoints, but I have yet to see this work properly.

The sonicwall is detecting this type of traffic and dropping it. There is no security threat. If all is functioning properly, then you can disregard the log entry.
0
 
LVL 2

Author Comment

by:R4inc
ID: 35707684
We have 4 SonicPoints attached to interface X4 through a switch.  I can't even ping the address that appears in the logs, the 172 one.  There are other APs in the building, it just concerns me that the IP in the log is on the same subnet as our WLAN and is not the address of one of the clients or SonicPoints.  We receive hundreds of these per day and it is making it difficult to go through the logs.
0
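An added example, not part of the original thread: a small Python parser for the log layout quoted in the question that groups the "Drop WLAN traffic from non-SonicPoint devices" entries by source address, so hundreds of entries reduce to one row per sender. The destination in the quoted entry, 239.255.255.250 port 1900, is the SSDP (UPnP discovery) multicast group, which the summary counts separately. Assumptions: the function names are hypothetical, the subnet is the one given in the thread, and the known-host list and every sample line after the first are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Field layout of the log line quoted in the question:
# timestamp - priority - category - message - src ip, port, iface - dst ip, port -
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} [\d:.]+)\s+-\s+(?P<priority>\w+)\s+-\s+"
    r"(?P<category>.+?)\s+-\s+(?P<message>.+?)\s+-\s+"
    r"(?P<src_ip>[\d.]+),\s*(?P<src_port>\d+),\s*(?P<iface>\w+)\s+-\s+"
    r"(?P<dst_ip>[\d.]+),\s*(?P<dst_port>\d+)"
)
SSDP = ("239.255.255.250", 1900)  # SSDP/UPnP discovery multicast group and UDP port
DROP_MSG = "Drop WLAN traffic from non-SonicPoint devices"

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"], rec["dst_port"] = int(rec["src_port"]), int(rec["dst_port"])
    return rec

def summarize(lines, wlan_subnet, known_hosts):
    """Group the drop entries by source address so each sender is reviewed once."""
    net = ipaddress.ip_network(wlan_subnet)
    out = defaultdict(lambda: {"count": 0, "ssdp": 0})
    for rec in filter(None, map(parse, lines)):
        if rec["message"] != DROP_MSG:
            continue
        s = out[rec["src_ip"]]
        s["count"] += 1
        s["ssdp"] += (rec["dst_ip"], rec["dst_port"]) == SSDP  # SSDP-only senders stand out
        s["in_wlan_subnet"] = ipaddress.ip_address(rec["src_ip"]) in net
        s["known_host"] = rec["src_ip"] in known_hosts
    return dict(out)

# First line is the entry quoted in the question; the rest are constructed samples
# (the last one is deliberately truncated to show that unparseable lines are skipped).
SAMPLE = """\
05/05/2011 07:20:33.176 - Error - Intrusion Prevention -       Drop WLAN traffic from non-SonicPoint devices -       172.16.40.16, 1900, X4 -       239.255.255.250, 1900 -
05/05/2011 07:20:36.201 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.16, 1900, X4 - 239.255.255.250, 1900 -
05/05/2011 07:21:02.010 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.77, 137, X4 - 172.16.40.255, 137 -
05/05/2011 07:21:05.500 - Error - Intrusion Prevention - Drop WLAN traffic
""".splitlines()
KNOWN = {"172.16.40.2", "172.16.40.3"}  # constructed SonicPoint addresses (assumption)

if __name__ == "__main__":
    print(summarize(SAMPLE, "172.16.40.0/24", KNOWN))
```

A source that is inside the WLAN subnet, is not a known SonicPoint or client, and only ever sends to the SSDP group is worth tracing by MAC address on the switch behind X4.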

 
LVL 33

Expert Comment

by:digitap
ID: 35707708
Are the 4 sonicpoints segregated from the rest of the network or have you carved out a vlan on a switch?
0
 
LVL 2

Author Comment

by:R4inc
ID: 35707730
They are carved out on their own switch and they are VLAN'd as well to separate a corp WiFi and a guest WiFi.  The guest and corp are on separate VLANs and the IP address is in the corp VLAN.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 35707814
Note that the 172.16.0.0 - 172.31.255.255 is a non-routable address range, so it has to be somewhere local. Are you using this on any of your (V)LANs?
0
 
LVL 2

Author Comment

by:R4inc
ID: 35707841
172.16.40.0/24 is the Corp WiFi VLAN with the SonicPoints.  There is nothing but the SonicPoints plugged into the switch which contains the VLANs, which is connected to X4.  I am having another issue with wireless and SonicWALL support said to update the firmware so I am going to try that and see if it resolves this as well.
0
 
LVL 33

Accepted Solution

by:digitap
digitap earned 1000 total points
ID: 35707874
Sorry for my delayed responses. That's what my next suggestion was going to be, update the firmware.
0
 
LVL 2

Author Closing Comment

by:R4inc
ID: 35722579
I updated the firmware and am waiting to hear from our users that are having trouble.  SonicWALL support said that there is a known issue with the latest firmware that I was on and had to update to the Early release.  Thanks for the help!
0
 
LVL 33

Expert Comment

by:digitap
ID: 35722685
I'll tell you, the early release fixes a bunch of stuff. I install that right out of the gate with all my new sonicwall deployments.
0


Question has a verified solution.
