SonicWall Site to site keep alive??
Posted on 2013-12-30
Having a weird issue with a SonicWall TZ170. I know! It should be replaced, but.....
Anyway,, we have several of the small TZ series that we use for offsite clinics to connect back to our Hospital network. This particular 170 just came back from a clinic that we physically moved and assigned to another subnet so that we could test the networking prior to moving hardware and people. It didn't have any of these problems in it's original location.
I updated the firmware SonicOS Standard 18.104.22.168-9s on this when I got it back and booted to default settings, so the configuration is fresh and doesn't have any leftover configurations to cause problems.
After the firmware update, I built a new site to site tunnel with the appropriate vlans to our NSA E5500 HA main firewall utilizing a new subnet for the TZ170 Lan network. It assosciated and everything was working fine. Tested internet, corporate email, file shares, etc. and no problems. I have keep alive and bring up all possible tunnels checked on the TZ 170. I was using my laptop for this testing.
Once the laptop is allowed to go to power saving mode, the tunnel is disconnected within a few minutes and I loose the ability to manage the firewall from our central location. If I do a persistant ping from my desktop at the hospital, I am able to keep the connection alive, but that shouldn't be necessary. The location this is to be deployed will be an Ambulance station in another city, so often there is no one there using a connection if management of the firewall is necessary.
This is the first time I've seen this behavior from these firewalls. I don't see the tunnels dropped on our 5500 and when I power back up the laptop, I see all 4 tunnels still established. Seems like it must be a setting on the TZ 170 somewhere? Disabling the dead peer detection doesn't seem to have any effect on this.