URGENT Sonicwall routing issue

Posted on 2011-10-05
Last Modified: 2012-08-13
Just came back from vacation and found a mess at work.

Yesterday morning an admin heard complaints about the VPN, so he rebooted the SonicWall Pro 3060 firewall that hosts it. The VPN started working again. However, later that morning things started going haywire. People could not resolve external DNS domains. Neither could either of the Windows AD/DNS/DHCP servers. Through trial and error they found that half the people on DHCP could not get out. Those people could if they were given a static IP, with DNS set to the internal DNS server first and the external Comcast DNS server second, but only on certain static IPs. We had plenty free, but for whatever reason some did not help and some did. There are no duplicate IPs, so that was weird too.

I also noticed that if internal users pinged it would come back as unavailable with the external IP of the server's NAT rule. is both our internal and external domain name (the true one is kept out of this discussion). Yes, I told the admin he should not have set it up this way. If they just pinged server1 with no suffix then it worked fine. Same with RDP.

I found out that after he rebooted the firewall, a bunch of NAT rules got all messed up, as well as some routing rules we put in. He fixed them, but that's very odd.

I checked the LAN > WAN rule and it's set to:

I don't really get how some things could ping external places like and others cannot. However, you can once you give it a static IP that's free, although you may have to try a couple to find one that works. Some don't work even though they are not being used by anything else.

The firewall's DHCP service is set to forward to our internal Windows DHCP server.

Any ideas?
Question by: MrVault (LVL 14)

    Accepted Solution

    -Could it be (just a thought) that your SonicWall's VPN pool is overlapping with your DHCP pool and is therefore giving issues?
    You say there are no dupes, but maybe you didn't check this.

    -If you do a traceroute from a problem PC, what happens?
    -Can you ping the servers by IP, or the gateway, from a problem PC?

    Author Comment

    Found the issue. When the rules got messed up, SonicWall auto-added a NAT rule that conflicted. They removed it from the backend and voilà, all is good. No overlap on VPN, etc. You can have the points though. Thanks!

    LVL 14

    Expert Comment

    No problem :)
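
The thread turns on two checks: the expert's question of whether the VPN address pool overlaps the DHCP scope, and the author's finding that an auto-added NAT policy conflicted with the intended LAN-to-WAN rule. The following is an added Python example written for this page; it is not code from the original thread, from MrVault, or from SonicWall. The rule fields (zones, original and translated source/destination, service), the first-match evaluation order, and every address and rule in it are constructed assumptions for illustration, not a SonicWall export.

```python
"""Two offline checks for the causes discussed in this thread.

Added example, not code from the original thread or from SonicWall. Rule format,
evaluation order and every address below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


def pool_overlap(dhcp_start, dhcp_end, vpn_start, vpn_end):
    """Addresses that both the DHCP scope and the VPN pool can hand out.

    Pools are inclusive start/end strings. Returns dotted-quad strings, empty
    when the pools do not overlap (the expert's first suspicion in the thread).
    """
    d0, d1 = ip_address(dhcp_start), ip_address(dhcp_end)
    v0, v1 = ip_address(vpn_start), ip_address(vpn_end)
    lo, hi = max(d0, v0), min(d1, v1)
    if lo > hi:
        return []
    return [str(IPv4Address(n)) for n in range(int(lo), int(hi) + 1)]


@dataclass(frozen=True)
class NatRule:
    """Simplified NAT policy (assumed field set, not SonicWall's schema)."""
    name: str
    src_zone: str            # e.g. "LAN"
    dst_zone: str            # e.g. "WAN"
    orig_src: IPv4Network    # source addresses the rule matches
    orig_dst: IPv4Network    # destination addresses the rule matches
    service: str             # "any" or a specific service such as "tcp/3389"
    trans_src: str           # translated source, or "original" for unchanged
    trans_dst: str           # translated destination, or "original" for unchanged


def matches(rule, src, dst, service):
    """True if the flow src->dst/service falls inside the rule's match criteria."""
    return (ip_address(src) in rule.orig_src
            and ip_address(dst) in rule.orig_dst
            and rule.service in ("any", service))


def first_match(rules, src, dst, service):
    """Name of the first matching rule in listed order (assumed evaluation order)."""
    for rule in rules:
        if matches(rule, src, dst, service):
            return rule.name
    return None


def find_conflicts(rules):
    """Pairs of rules that can match the same flow yet translate it differently.

    Two rules are compared only when they sit between the same zones; their
    source and destination networks must overlap and their services must be
    compatible ("any" matches everything).
    """
    conflicts = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            same_zones = (a.src_zone, a.dst_zone) == (b.src_zone, b.dst_zone)
            same_flow = (a.orig_src.overlaps(b.orig_src)
                         and a.orig_dst.overlaps(b.orig_dst)
                         and ("any" in (a.service, b.service) or a.service == b.service))
            differs = (a.trans_src, a.trans_dst) != (b.trans_src, b.trans_dst)
            if same_zones and same_flow and differs:
                conflicts.append((a.name, b.name))
    return conflicts


# Constructed rule set modelled on the thread's outcome: an auto-added policy
# covering half the LAN that disagrees with the intended outbound rule.
ANY = ip_network("0.0.0.0/0")
CONSTRUCTED_RULES = [
    NatRule("auto-added", "LAN", "WAN", ip_network("192.168.1.128/25"), ANY,
            "any", "203.0.113.99", "original"),
    NatRule("LAN->WAN outbound", "LAN", "WAN", ip_network("192.168.1.0/24"), ANY,
            "any", "203.0.113.10", "original"),
    NatRule("inbound RDP to server1", "WAN", "LAN", ANY, ip_network("203.0.113.10/32"),
            "tcp/3389", "original", "192.168.1.10"),
]


def diagnose(rules, inside_ips, dst="198.51.100.53", service="udp/53"):
    """Which rule each inside host hits for an outbound DNS query (constructed flow)."""
    return {ip: first_match(rules, ip, dst, service) for ip in inside_ips}


if __name__ == "__main__":
    print(pool_overlap("192.168.1.100", "192.168.1.199", "192.168.1.190", "192.168.1.220"))
    print(find_conflicts(CONSTRUCTED_RULES))
    print(diagnose(CONSTRUCTED_RULES, ["192.168.1.50", "192.168.1.130"]))
```

With the constructed rule set, `find_conflicts` flags the auto-added policy against the intended outbound rule, and `diagnose` shows why only some static addresses "worked" in the thread: a host in the lower half of the /24 hits the correct outbound rule, while one in 192.168.1.128/25 hits the stray rule first. Running the same two checks against a real rule export, mapped onto these fields, is the offline version of the trial-and-error the thread describes.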
