MrVault


URGENT Sonicwall routing issue

Just came back from vacation and found a mess at work.

Yesterday morning an admin heard complaints about the VPN, so he rebooted the Sonicwall Pro 3060 firewall that hosts it. The VPN started working again. However, later that morning things started going haywire. People could not resolve external DNS domains; neither could either of the Windows AD/DNS/DHCP servers. Through trial and error they found that half the people on DHCP could not get out. Those people could if they were given a static IP with the internal DNS server first and the external Comcast DNS server second, but only on certain static IPs. We had plenty free, but for whatever reason some did not help and some did. There are no duplicate IPs, so that was weird too.

I also noticed that if internal users pinged server1.mydomain.com it would come back as unavailable with the external IP of the server's NAT rule. mydomain.com is both our internal and external domain name (the true one is kept out of this discussion). Yes, I told the admin he should not have set it up this way. If they just pinged server1 with no suffix then it worked fine. Same with RDP.

I found out that after he rebooted the firewall, a bunch of NAT rules got all messed up, as well as some routing rules we had put in. He fixed them, but that's very odd.

I checked the LAN > WAN rule and it's set to:
SOURCE: Any
DESTINATION: Any
SERVICE: Any
ACTION: Allow
USERS: All
ENABLED: Yes

I don't really get how some things could ping external places like 8.8.8.8 and others cannot. However, you can once you give it a free static IP, although you may have to try a couple to find one that works. Some don't work even though they are not being used by anything else.

The firewall's DHCP service is set to forward to our internal Windows DHCP server.

Any ideas?
ASKER CERTIFIED SOLUTION
setasoujiro

This solution is only available to members.
MrVault

ASKER

Found the issue. When the rules got messed up, Sonicwall auto-added a NAT rule that conflicted. They removed it from the backend and voilà, all is good. No overlap on VPN, etc. You can have the points though. Thanks!

No problem :)
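The root cause reported above was an automatically added NAT policy overlapping an existing one. The checker below is an added example for this thread, not code from the original post and not a SonicWall API: it uses a generic policy representation and constructed sample policies (203.0.113.5 standing in for the WAN IP, 192.168.1.20 for server1) to show how to flag policy pairs that match common traffic but translate it differently. On most firewalls the first matching policy wins, so such a pair means the earlier policy silently shadows part of the later one.

```python
"""Flag NAT policies whose match criteria overlap but whose translations differ.

Added example for this thread, not the original post's code and not a
SonicWall API. Policy fields and the sample policies are constructed for
illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NatPolicy:
    name: str
    src_iface: str   # interface the traffic arrives on, or "any"
    orig_src: str    # CIDR / host address, or "any"
    orig_dst: str
    orig_svc: str    # e.g. "tcp/3389", or "any"
    trans_src: str   # "original" = keep as-is
    trans_dst: str


def _net(spec):
    return None if spec.lower() == "any" else ipaddress.ip_network(spec, strict=False)


def _addr_overlap(a, b):
    na, nb = _net(a), _net(b)
    return na is None or nb is None or na.overlaps(nb)


def _token_overlap(a, b):
    """Services and interfaces: 'any' matches everything, otherwise exact match."""
    return a.lower() == "any" or b.lower() == "any" or a.lower() == b.lower()


def find_conflicts(policies):
    """Return (earlier, later) name pairs that match common traffic but translate differently."""
    hits = []
    for i, p in enumerate(policies):
        for q in policies[i + 1:]:
            same_match = (_token_overlap(p.src_iface, q.src_iface)
                          and _addr_overlap(p.orig_src, q.orig_src)
                          and _addr_overlap(p.orig_dst, q.orig_dst)
                          and _token_overlap(p.orig_svc, q.orig_svc))
            if same_match and (p.trans_src, p.trans_dst) != (q.trans_src, q.trans_dst):
                hits.append((p.name, q.name))
    return hits


# Constructed sample: an "auto-added" catch-all inbound policy placed ahead of
# the intended RDP forward for server1, plus an unrelated outbound policy.
SAMPLE_POLICIES = [
    NatPolicy("auto-added", "WAN", "any", "203.0.113.5", "any", "original", "192.168.1.10"),
    NatPolicy("server1-rdp-inbound", "WAN", "any", "203.0.113.5", "tcp/3389", "original", "192.168.1.20"),
    NatPolicy("lan-outbound", "LAN", "192.168.1.0/24", "any", "any", "203.0.113.5", "original"),
]

if __name__ == "__main__":
    for earlier, later in find_conflicts(SAMPLE_POLICIES):
        print(f"{earlier!r} overlaps and shadows {later!r}")
```

Feed it an export of the live policy table in order; any pair it reports is either a deliberate more-specific-first arrangement or, as in this thread, a stray policy that should be removed.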