Sonicwall NSA 2400: Management

I recently deployed four Sonicwall NSA 2400 units to multiple physical locations all connected over a fiber network. Each site has its own LAN subnet:

Site 1: 172.20.10.x
Site 2: 172.20.50.x
Site 3: 172.20.80.x
Site 4: 172.20.110.x

All servers, computers, and resources are accessible from any other location (I can ping and log into servers at Site 3 from Site 1, for example). However, I cannot ping or access any Sonicwalls in other buildings. For example: if physically at Site 2, I can go to and log into the management interface. If at another site, I cannot access or ping the firewall at Site 2.

In the firewall rules, it appears that 4 rules were automatically generated by the device and cannot be edited. There is one for PING and another for HTTP management. Both are set up in the following manner:  From LAN --> LAN,  ANY source, Management IP destination, (PING or HTTP Management) as the service, traffic is set to ALLOW.

How can I allow these other sites to manage / ping the Sonicwalls at the other sites?
Ad-Apex Author Commented:
I searched for a solution as recommended by CARLMD but didn't find what I was looking for.  I eventually received help from a Sonicwall forum moderator who gave me the following solution which I will share with the community:

On the appliance you want to manage remotely from another subnet:
Network --> Routing --> Add...
This will produce a window asking for information. Provide the following:
Source: Any
Destination: Create a new address object for the remote network you want to manage FROM.
Service: Any
Gateway: Create a new address object for the host IP Address of the gateway on the appliance's subnet through which you can access the remote network subnet created above.
Interface: Interface on the appliance used to access the above

Do this for each subnet you wish to use to access the appliance.
Under Network -> Interfaces select configure for X1 (Default WAN) or other X? interface you are using. On the General tab look for the line with Management and make sure the box for https and ping (if you want it) are checked.

Did this solve your problem?
Ad-Apex Author Commented:
I already have those checked. Here's a screen shot of all configurations related to what I mentioned in my original post and your suggestion-- perhaps it would be easier to have something for people to look at.

[Screenshots: Network Interfaces; the auto-created HTTP management rule]

In your example, it appears you are using the Sonicwall LAN interface of the sites. Try using the WAN interface IP in your HTTP.

If that does not work, it could be that all HTTP traffic is being routed over the VPN connection. Given that, you cannot reach the other sites unless you define routes to them. Try running a traceroute from another site to the Site 2 firewall. Also do the same thing for a PC at Site 2. How far do you get?
Ad-Apex Author Commented:
Here's the problem-- though I am not sure how to fix it. In the logs I see warnings when I try to connect that say "Alert, Intrusion Protection, IP spoof dropped" and it lists the IP address of the remote system I am trying to use to log in.
Ad-Apex Author Commented:
Got it.  I think this explains it all for me:

"Another cause of IP spoof messages is the existence of additional subnets on the LAN. In a standard setup, the SonicWall will only recognize the subnet of its LAN IP address as being valid. If there are additional subnets connected to the LAN, in the SonicWALL you must create a route policy for those networks."

So since I essentially want to be able to remotely administer the Sonicwall from any subnet within, I need to set this up to be allowed.
Check Help for the following topic on the Sonicwall to configure....

Route Entries for Different Network Segments
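
A simplified model of the behaviour quoted above, added here as an example and not taken from the thread or from SonicWall: a source arriving on the LAN is accepted only if it is in the LAN subnet or in the destination of a route policy whose gateway sits on that subnet. The /24 masks, the `RoutePolicy` class and the gateway address 172.20.50.254 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: each site is a /24, inferred from the 172.20.x.x ranges in the question.
SITES = {
    "Site 1": ipaddress.ip_network("172.20.10.0/24"),
    "Site 2": ipaddress.ip_network("172.20.50.0/24"),
    "Site 3": ipaddress.ip_network("172.20.80.0/24"),
    "Site 4": ipaddress.ip_network("172.20.110.0/24"),
}

@dataclass(frozen=True)
class RoutePolicy:  # hypothetical stand-in for one Network > Routing entry
    destination: ipaddress.IPv4Network  # remote subnet you manage FROM
    gateway: ipaddress.IPv4Address      # next hop on the appliance's own subnet

def valid_gateway(policy, lan_subnet):
    """Model assumption: the gateway must be a host inside the appliance's LAN subnet."""
    return policy.gateway in lan_subnet

def classify_source(src, lan_subnet, policies):
    """Model of the check quoted in the thread for a packet arriving on the LAN."""
    ip = ipaddress.ip_address(src)
    if ip in lan_subnet:
        return "local"
    usable = [p for p in policies if valid_gateway(p, lan_subnet)]
    if any(ip in p.destination for p in usable):
        return "routed"
    return "ip-spoof-drop"

def missing_route_policies(local_site, policies):
    """Remote sites not yet covered by a usable route policy on this firewall."""
    lan = SITES[local_site]
    covered = [p.destination for p in policies if valid_gateway(p, lan)]
    return sorted(name for name, net in SITES.items()
                  if name != local_site and not any(net.subnet_of(c) for c in covered))

if __name__ == "__main__":
    lan = SITES["Site 2"]
    gw = ipaddress.ip_address("172.20.50.254")  # constructed gateway address
    policies = [RoutePolicy(SITES["Site 1"], gw)]
    for src in ("172.20.50.30", "172.20.10.25", "172.20.80.40"):
        print(src, classify_source(src, lan, policies))
    print("still needed:", missing_route_policies("Site 2", policies))
```

Running it for each site in turn lists the route policies that firewall still needs before every other subnet can reach its management interface.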
Ad-Apex Author Commented:
I accepted my own solution as it was complete and solved my problem.
Question has a verified solution.
