URGENT Sonicwall routing issue

Posted on 2011-10-05
Medium Priority
Last Modified: 2012-08-13
Just came back from vacation and found a mess at work.

Yesterday morning an admin heard complaints about the VPN so he rebooted the Sonicwall Pro 3060 firewall that hosts it. VPN started working again. However later that morning things started going haywire. People could not resolve external DNS domains. Neither could either of the Windows AD/DNS/DHCP servers. Through trial and error they found that half the people on DHCP could not get out. Those people could if they gave them a static IP and DNS of internal dns server first and external comcast dns server second. But only on certain static IPs. We had plenty free but for whatever reason some did not help and some did. There are no duplicate IPs, so that was weird too.

I also noticed that if internal users pinged server1.mydomain.com it would come back as unavailable with the external IP of the server's NAT rule. mydomain.com is both our internal and external domain name (true one kept out of this discussion). Yes, I told the admin he should not have set it up this way. If they just pinged server1 with no suffix then it worked fine. Same with RDP.

I found out that after he rebooted the firewall, a bunch of NAT rules got all messed up, as well as some routing rules we put in. He fixed them, but that's very odd.

I checked the LAN > WAN rule and it's set to:

I don't really get how some things could ping external places like and others cannot. However you can once you give it a static IP that's free, although you may have to try a couple to find one that works. Some don't even though they are not being used by anything else.

The firewall's DHCP service is set to forward to our internal Windows DHCP server.

Any ideas?
Question by:MrVault

Accepted Solution

setasoujiro earned 2000 total points
ID: 36918528
-Could it be (just a thought) that your SonicWall's VPN pool is overlapping with your DHCP pool and therefore giving issues?
You say there are no dupes, but maybe you didn't check this.

-if you do a traceroute from a problem pc, what happens?
-Can you ping the servers by IP or the gateway from a problem pc?

Author Comment

ID: 36918607
Found the issue. When the rules got messed up, the SonicWall auto-added a NAT rule that conflicted. They removed it from the backend and voila, all is good. No overlap on VPN, etc. You can have the points though. Thanks!
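The two checks this thread turns on, the VPN-pool/DHCP-scope overlap the accepted answer asks about and the conflicting NAT policy the author actually found, as an added offline example that is not code from the original thread or from SonicWall. It uses a simplified policy model (network, destination, translated source) rather than any real SonicWall export format, and all addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NatPolicy:
    """Minimal model of an outbound NAT policy (a simplification, not SonicWall's schema)."""
    name: str
    original_src: str     # network the policy matches on
    original_dst: str     # 'any' or a network
    translated_src: str   # address the source becomes, or 'Original' for no translation


def pools_overlap(dhcp_scope: str, vpn_pool: str) -> bool:
    """True when the VPN client pool overlaps the DHCP scope, so one address
    can be issued to both a LAN host and a remote VPN client."""
    return ipaddress.ip_network(dhcp_scope).overlaps(ipaddress.ip_network(vpn_pool))


def conflicting_nat(policies: list[NatPolicy]) -> list[tuple[str, str]]:
    """Pairs of policies whose original match overlaps but whose translation
    differs; whichever is ordered first silently wins for the overlapping hosts."""
    found = []
    for i, a in enumerate(policies):
        for b in policies[i + 1:]:
            overlap = ipaddress.ip_network(a.original_src).overlaps(ipaddress.ip_network(b.original_src))
            if overlap and a.original_dst == b.original_dst and a.translated_src != b.translated_src:
                found.append((a.name, b.name))
    return found


def effective_translation(policies: list[NatPolicy], host: str) -> str:
    """Translation a given LAN host actually receives under first-match ordering."""
    ip = ipaddress.ip_address(host)
    for p in policies:
        if ip in ipaddress.ip_network(p.original_src):
            return p.translated_src
    return "Original"


# Constructed sample: the intended masquerade rule plus a narrower stray rule
# that translates nothing, ordered ahead of it. Hosts in the upper half of the
# /24 then leave un-NATed and never get replies, while the lower half works.
POLICIES = [
    NatPolicy("stray narrower rule", "192.168.1.128/25", "any", "Original"),
    NatPolicy("LAN->WAN outbound", "192.168.1.0/24", "any", "203.0.113.10"),
]

if __name__ == "__main__":
    print(pools_overlap("192.168.1.0/24", "192.168.1.200/29"))  # True
    print(conflicting_nat(POLICIES))
    print(effective_translation(POLICIES, "192.168.1.10"), effective_translation(POLICIES, "192.168.1.130"))
```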


Expert Comment

ID: 36918612
No problem :)
