URGENT Sonicwall routing issue

Just came back from vacation and found a mess at work.

Yesterday morning an admin heard complaints about the VPN, so he rebooted the SonicWall Pro 3060 firewall that hosts it. The VPN started working again. However, later that morning things started going haywire. People could not resolve external DNS domains. Neither could either of the Windows AD/DNS/DHCP servers. Through trial and error they found that half the people on DHCP could not get out. Those people could if they were given a static IP, with DNS set to the internal DNS server first and the external Comcast DNS server second. But only on certain static IPs. We had plenty free, but for whatever reason some did not help and some did. There are no duplicate IPs, so that was weird too.

I also noticed that if internal users pinged server1.mydomain.com it would come back as unavailable with the external IP of the server's NAT rule. mydomain.com is both our internal and external domain name (the true one is kept out of this discussion). Yes, I told the admin he should not have set it up this way. If they just pinged server1 with no suffix then it worked fine. Same with RDP.

I found out that after he rebooted the firewall, a bunch of NAT rules got all messed up, as well as some routing rules we put in. He fixed them, but that is very odd.

I checked the LAN > WAN rule and it's set to:

I don't really get how some things can ping external places and others cannot. However, you can once you give it a static IP that's free, although you may have to try a couple to find one that works. Some don't work even though they are not being used by anything else.

The firewall's DHCP service is set to forward to our internal Windows DHCP server.

Any ideas?
setasoujiro Commented:
-Could it be (just a thought) that your SonicWall's VPN pool is overlapping with your DHCP pool and therefore giving issues?
You say there are no dupes, but maybe you didn't check this.

-if you do a traceroute from a problem pc, what happens?
-Can you ping the servers by IP or the gateway from a problem pc?
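Two of the checks raised in this thread (the internal FQDN that resolved to the server's public NAT address in the question, and the VPN-pool/DHCP-pool overlap suggested in the answer above) can be scripted. The following is an added example, not code from the original thread or from SonicWall; the internal ranges, the hostnames and the sample resolver answers are constructed to mirror the symptoms described, not taken from the poster's network.

```python
import ipaddress
import socket
from typing import Dict, List, Optional, Tuple

# Assumed internal address space; the thread never states the real LAN addressing.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample answers standing in for what internal clients saw:
# the short name resolved internally and worked, the FQDN resolved to the
# public NAT address and broke ping/RDP (classic split-DNS / hairpin failure).
SAMPLE_ANSWERS: Dict[str, List[str]] = {
    "server1": ["192.168.1.10"],
    "server1.mydomain.com": ["203.0.113.10"],
}


def is_internal(addr: str) -> bool:
    """True when addr falls inside one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def check_split_dns(answers: Dict[str, List[str]]) -> Dict[str, str]:
    """Flag names whose answers include a non-internal address.

    A name that internal clients should reach directly must never resolve
    to the firewall's public NAT address from inside the LAN.
    """
    verdict: Dict[str, str] = {}
    for name, addrs in answers.items():
        public = [a for a in addrs if not is_internal(a)]
        verdict[name] = "ok" if not public else "public:" + ",".join(public)
    return verdict


def resolve_live(names: List[str]) -> Dict[str, List[str]]:
    """Resolve names with the host's configured DNS (network-dependent; not used offline)."""
    result: Dict[str, List[str]] = {}
    for name in names:
        try:
            result[name] = socket.gethostbyname_ex(name)[2]
        except socket.gaierror:
            result[name] = []
    return result


def pools_overlap(pool_a: Tuple[str, str],
                  pool_b: Tuple[str, str]) -> Optional[Tuple[str, str]]:
    """Return the overlapping address range of two start/end pools, or None.

    DHCP scopes and VPN client pools are usually configured as start-end
    ranges rather than CIDR blocks, so compare them as integer ranges.
    """
    a0, a1 = (ipaddress.ip_address(x) for x in pool_a)
    b0, b1 = (ipaddress.ip_address(x) for x in pool_b)
    lo, hi = max(a0, b0), min(a1, b1)
    if lo > hi:
        return None
    return str(lo), str(hi)


if __name__ == "__main__":
    for name, verdict in check_split_dns(SAMPLE_ANSWERS).items():
        print(f"{name:24} {verdict}")
    # Constructed pools: a DHCP scope and a VPN pool that collide on 20 addresses.
    dhcp = ("192.168.1.100", "192.168.1.200")
    vpn = ("192.168.1.180", "192.168.1.220")
    print("DHCP/VPN overlap:", pools_overlap(dhcp, vpn))
```

Run the split-DNS check against live resolution with `check_split_dns(resolve_live([...]))` from a LAN client; any name reported as `public:` is one the internal DNS zone should carry an A record for. A non-empty result from `pools_overlap` means DHCP and VPN clients can be handed the same address, which produces exactly the "some static IPs work, some don't" pattern without any visible duplicate in the DHCP lease table.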
MrVaultAuthor Commented:
Found the issue. When the rules got messed up, SonicWall auto-added a NAT rule that conflicted. They removed it from the backend and voila, all is good. No overlap on VPN, etc. You can have the points though. Thanks!

No problem :)