So I have a Sonicwall NSA 2400 at the edge of my network. At no consistent time, the entire LAN that's run through X0 goes completely dead and we can't even ping the gateway from the inside. The closest I can get is the switch before the firewall (x.x.1.250) and everything else on the local network. This outage kills all access from the outside world, cutting off websites we host, Exchange, security systems, Citrix, and RDP. Up until a couple days ago, it would go out, but then restore itself after a few minutes. But now, our third-party help desk actually has to restart the SonicWALL just so we regain access...temporarily, Currently, it's kicked me out and it's not coming back up on its own.
From what they're telling us, even though none of our services are reachable, they are still able to reach our SonicWALL from the outside (VPNs survive, but nothing else?). Furthermore, apparently they can even hit our internal gateway, but not the first switch right after the firewall (x.x.1.250). Yet, I still can't log into anything hosted internally nor can I log into my office PC through TeamViewer.
They're suggesting that this is loop behavior on the switch's behalf, but I didn't rewire anything in the server room. Although, I just started working here and these guys haven't had an IT team in 15 years or so, so who knows what they have plugged into what. How would I even confirm that/locate the loop? The firewall logs show no kind of link failure so failover never takes place.
I think the sonicwall's firmware is currently 188.8.131.52-?? I can't find out because I can't get into the network anymore...just the third-party help desk. Wireshark on my (x.x.1.250) hasn't given me much to work off of either expect showing me a bunch of DNS requests falling flat when the outage occurs. Once I regain access to the firewall, logs don't show anything, the connection monitor doesn't show anything abnormal, nor the core monitors.
I'm so confused, it's ridiculous.
Is it the switches? the firewall?