Sonicwall Connection RST

Posted on 2013-09-19
Medium Priority
Last Modified: 2013-11-17
We are using Sonicwall NSA 220. We have both Linux based system and windows based systems. On the Linux based systems we are using thunderbird as email-client and on the windows based systems we are using outlook as email-client.

On the Linux side:
I am unable to send email using thunderbird. Firewall logs show:
11      09/20/2013 11:09:34.096      Debug      Network      TCP connection abort received; TCP connection dropped, 26569, X0 (admin)      mail-server:IP, 443, X1      TCP Flag(s): ACK RST

Download for emails is happening successfully without any problems.

When I use the firefox browser on the Linux box, The login goes through, however if I wish to send an email with attachment of 100KB or more, the connection times out. at the same time if I send a simple test-email, then the email goes through.

On the Windows side:
send/receive of emails using outlook as well as firefox/IE is going through without any errors.

Attempts to solve problem:
1. We had attempted to create a DMZ-zone a couple of days back, so to rule out any misconfiguration we have restored old Config from back as of 19-Aug.

Any suggestions on why this would be happening and if we can enable any addition logging to pin-point the problem.

Question by:sipl_aac00
  • 3
  • 3
  • 2
  • +1
LVL 20

Expert Comment

ID: 39508603
You are doing two different things. Using a browser to send/receive mail through the Sonicwall does not involve the smtp protocol. Whereas Thunderbird does. Did you set up the mail server on the Sonicwall using the wizard, or manually, or not at all?

Did this ever work, or is the Sonicwall new?

Author Comment

ID: 39509165
Yes, you are right in stating that the send/recv function via Web-interface and via email-client make use of different ports.  The piece we are unable to decipher is how the problem is affecting only linux based system while same/similar operations are working for windows-based system.

Quick note:
Missed mentioning that our mail-server is hosted in Singapore, where as the problem is ocuring in our India office.

The setup was working till 10:00 AM on 18-Sep-2013.

other observations till date:
1. We have tried to do a "telnet" test for various port numbers under use, the connectivity is going through.
2. The timeout happens after 60 seconds.
3. No Selinux or iptables on the linux box.
4. We have asked ISP to check if any abnormalities are observed at his end.
5. If we install a data-card on a linux box, the send-recv works for both firefox/thunderbird. This is pushing us to believe that something seems to be broken at our end only and not at the mail-server end.
LVL 20

Expert Comment

ID: 39509186
If I understand, the problem is that the linux server on you local lan can no longer send email, but any windows system can.

Assuming you can login to the linux server, send a test email as follows and post the result.

mail -v somebody@somewhere.com (use a real address)

This will print the entire sending transaction in verbose mode and will hopefully show the error.

Do you know where the mail and/or syslog is on the linux system, and have you looked at them?
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39511461
In the log you posted it seems that the connection that was reset, was destined to port 443 (HTTPS).

What SMTP settings did you put in to thunderbird?

Can you please try and setup a google imap/smtp account in thunderbird and try if you can successfully send mail with that account?
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39523348

Any update on this?
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39587105
Are you still having this issue?

Accepted Solution

sipl_aac00 earned 0 total points
ID: 39643927
Hi folks,

Thank you for you help.

On our Linux systems there is a problem of Mal-formed TCP headers. This was resulting in connection resets.

The problem was solved after enabling the option of "Fix/ignore malformed TCP headers" in the diag.html page of sonicwall. To reach this page Login to the SonicWALL admin page, then change ending portion of the URL from /main.html to /diag.html. Click Internal Settings > Scroll down to Security Services Settings

LVL 30

Expert Comment

by:Blue Street Tech
ID: 39644028
Interesting... this (Fix/ignore malformed TCP headers) is typically used in interacting with systems that use older IP stacks.

Author Closing Comment

ID: 39654356
problem solved

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question