Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SonicWall Network Access entries in Logs

Posted on 2015-01-04
2
Medium Priority
?
278 Views
Last Modified: 2015-01-04
I recently upgraded our router to a SonicWall TZ215W

Our main network is on the 192.168.1.0/24 network and there are 8 site to site VPN tunnels enabled with one of them on the 192.168.3.0/24 network.

All of the tunnels are setup and seem to work great.

When I look at the logs, I am repeatedly getting the following entries:

01/04/2015 10:50:32.896      Notice      Network Access      TCP connection dropped      192.168.1.151, 56917, X0      192.168.3.106, 9100, X1      TCP Port: 9100

01/04/2015 10:50:12.736      Notice      Network Access      UDP packet dropped      192.168.1.113, 63325, X0      192.168.3.200, 161, X1      UDP SNMP

01/04/2015 10:37:52.672      Notice      Network Access      UDP packet dropped      192.168.1.151, 64802, X0      192.168.3.106, 161, X1      UDP SNMP
             
3      01/04/2015 10:37:36.496      Notice      Network Access      TCP connection dropped      192.168.1.117, 56738, X0      192.168.3.200, 9100, X1      TCP Port: 9100



The source IP's (192.168.1.151, 192.168.1.117, 192.168.1.113) are valid PCs on the main network, but the destination IPs are not on the remote network.

1.151 is always trying to access 3.106
1.117 is always trying to access 3.200
1.113 is always trying to access 3.200
0
Comment
Question by:pmitllc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 6

Author Comment

by:pmitllc
ID: 40530315
I ran wireshark on the 1.151 system and see this entry for the above destination:

192.168.1.151      192.168.3.106      TCP      62      [TCP Spurious Retransmission] 57380→9100 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
0
 
LVL 6

Accepted Solution

by:
pmitllc earned 0 total points
ID: 40530668
Apparently a lot of these systems still had old printers locally installed that were pointing to these destinations.  

Once they were removed, the notices went away.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question