Link to home
Start Free TrialLog in
Avatar of R4inc
R4inc

asked on

SonicWALL, SonicPoint errors in logs

I am receiving lots of errors in my logs for my firewall and do not know where they are coming from.  Not sure if it is a spoof or something else.  Can't find much on the Internet about this.  Example of the logs:

05/05/2011 07:20:33.176 - Error - Intrusion Prevention -       Drop WLAN traffic from non-SonicPoint devices -       172.16.40.16, 1900, X4 -       239.255.255.250, 1900 -
SOLUTION
Avatar of Carl Dula
Carl Dula
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of digitap
digitap
Flag of United States of America image
How many sonicpoints do you have? How do you have them connected to your sonicwall? Essentially, the only traffic that is allowed on a sonicpoint "network" is traffic originating from the sonicwall WLAN interface and the sonicpoints. There is an option to enable other hosts to be on the network with the sonicpoints essentially on the same subnet as the sonicpoints, but I have yet to see this work properly.

The sonicwall is detecting this type of traffic and dropping it. There is no security threat. If all is functioning properly, then you can disregard the log entry.
Avatar of R4inc
R4inc

ASKER

We have 4 SonicPoints attached to interface X4 through a switch.  I cant even ping the address that appears in the logs, the 172 one.  There are other APs in the building, it just concerns me that the IP in the log is on the same subnet as our WLAN and is not the address of one of the clients or sonicpoints.  We receive hundreds of these per day and is making it difficult to go through the logs.
Avatar of digitap
digitap
Flag of United States of America image
Are the 4 sonicpoints segregated from the rest of the network or have you carved out a vlan on a switch?
Avatar of R4inc
R4inc

ASKER

They are carved out on their own switch and they are VLAN'd as well to separate a corp WiFi and a guest WiFi.  The guest and corp are on separate VLANs and the ip address is in the corp VLAN.
Avatar of Carl Dula
Carl Dula
Flag of United States of America image
Note that the 172.16.0.0 - 172.31.255.255 is a non routable address range, so it has to be somewhere local. Are you using this on any of your (v)lans?
Avatar of R4inc
R4inc

ASKER

172.16.40.0/24 is the Corp Wifi Vlan with the SonicPoints.  There is nothing but the SonicPoints plugged into the switch which contains the VLans, which is connected to X4.  I am having another issue with wireless and SonicWALL support said to update the firmware so I am going to try that and see if it resolves this as well.  
ASKER CERTIFIED SOLUTION
Avatar of digitap
digitap
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of R4inc
R4inc

ASKER

I updated the firmware and am waiting to hear from our users that are having trouble.  SonicWALL support said that there is a known issue with the latest firmware that I was on and had to update to the Early release.  Thanks for the help!
Avatar of digitap
digitap
Flag of United States of America image
I'll tell you, the early release fixes a bunch of stuff. I install that right out of the gate with all my new sonicwall deployments.