R4inc
asked on
SonicWALL, SonicPoint errors in logs
I am receiving lots of errors in my logs for my firewall and do not know where they are coming from. Not sure if it is a spoof or something else. Can't find much on the Internet about this. Example of the logs:
05/05/2011 07:20:33.176 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.16, 1900, X4 - 239.255.255.250, 1900 -
05/05/2011 07:20:33.176 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.16, 1900, X4 - 239.255.255.250, 1900 -
ASKER
We have 4 SonicPoints attached to interface X4 through a switch. I can't even ping the address that appears in the logs, the 172 one. There are other APs in the building; it just concerns me that the IP in the log is on the same subnet as our WLAN and is not the address of one of the clients or SonicPoints. We receive hundreds of these per day and it is making it difficult to go through the logs.
Are the 4 SonicPoints segregated from the rest of the network, or have you carved out a VLAN on a switch?
ASKER
They are carved out on their own switch and they are VLAN'd as well to separate a corp WiFi and a guest WiFi. The guest and corp are on separate VLANs and the IP address is in the corp VLAN.
Note that 172.16.0.0 - 172.31.255.255 is a non-routable address range, so it has to be somewhere local. Are you using this on any of your (V)LANs?
ASKER
172.16.40.0/24 is the Corp WiFi VLAN with the SonicPoints. There is nothing but the SonicPoints plugged into the switch which contains the VLANs, which is connected to X4. I am having another issue with wireless and SonicWALL support said to update the firmware, so I am going to try that and see if it resolves this as well.
ASKER
I updated the firmware and am waiting to hear from our users that are having trouble. SonicWALL support said that there is a known issue with the latest firmware that I was on and had to update to the Early release. Thanks for the help!
I'll tell you, the early release fixes a bunch of stuff. I install that right out of the gate with all my new SonicWALL deployments.
The SonicWALL is detecting this type of traffic and dropping it. There is no security threat. If all is functioning properly, then you can disregard the log entry.
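For triaging hundreds of these entries per day, the following is an added example, not part of the thread and not SonicWALL tooling: it groups the "Drop WLAN traffic from non-SonicPoint devices" events by source and destination and labels well-known multicast discovery traffic. The field layout is inferred from the log lines in the question, the subnet is the one the asker gave, and the function names, the `KNOWN` table (general protocol facts) and all sample lines after the first two are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

DROP_MSG = "Drop WLAN traffic from non-SonicPoint devices"
# Well-known multicast discovery destinations (general protocol facts, not from the thread).
KNOWN = {("239.255.255.250", 1900): "SSDP (UPnP discovery)",
         ("224.0.0.251", 5353): "mDNS"}
# Layout inferred from the log lines in the question:
# timestamp - priority - category - message - src, sport, iface - dst, dport -
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} [\d:.]+) - (?P<prio>\w+) - (?P<cat>.+?) - "
    r"(?P<msg>.+?) - (?P<src>[\d.]+), (?P<sport>\d+), (?P<iface>\w+) - "
    r"(?P<dst>[\d.]+), (?P<dport>\d+) -\s*$")

# The first two lines are the entries from the question; the rest are constructed.
SAMPLE_LOG = """\
05/05/2011 07:20:33.176 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.16, 1900, X4 - 239.255.255.250, 1900 -
05/05/2011 07:20:33.176 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.16, 1900, X4 - 239.255.255.250, 1900 -
05/05/2011 07:21:02.010 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 172.16.40.23, 5353, X4 - 224.0.0.251, 5353 -
05/05/2011 07:21:40.300 - Error - Intrusion Prevention - Drop WLAN traffic from non-SonicPoint devices - 192.168.1.50, 40000, X4 - 172.16.40.1, 80 -
05/05/2011 07:22:10.500 - Notice - Constructed Category - Constructed unrelated event - 10.0.0.5, 51000, X0 - 10.0.0.1, 443 -
"""

def classify(dst, dport):
    """Label the destination: known discovery protocol, other multicast, or unicast."""
    if (str(dst), dport) in KNOWN:
        return KNOWN[(str(dst), dport)]
    return "other multicast" if dst.is_multicast else "unicast"

def summarize(log_text, wlan_subnet="172.16.40.0/24"):
    """Count dropped flows keyed by (src, src_in_wlan_subnet, dst, dport, kind)."""
    subnet = ipaddress.ip_network(wlan_subnet)
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["msg"] != DROP_MSG:
            continue  # a different event, or a line that does not fit the layout
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        counts[(str(src), src in subnet, str(dst), dport, classify(dst, dport))] += 1
    return counts

if __name__ == "__main__":
    for (src, local, dst, dport, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src:15s} in_wlan={local!s:5s} -> {dst}:{dport}  {kind}")
```

Sources that fall outside the WLAN subnet or send unicast traffic are the rows worth a closer look; a source inside the subnet sending only multicast discovery traffic can be matched against DHCP leases to identify the device.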