Solved

sonicewall interface routing

Posted on 2015-01-28
8
102 Views
Last Modified: 2015-02-07
We have a sonicwall NSA3500 (current firmware SonicOS Enhanced 5.9.0.2-107o)

The other day when we were transferring data from our wireless network to a file server I could not get over 10mbit. I noticed that it was bouncing the gateway! and have no idea why. 90% of the time the wireless devices are going out to the internet so no one noticed this issue.

x1 Lan1 10.10.10.x network gate 10.10.10.254
x3 Lan2 10.10.2.x network gate 10.10.2.254
Both of these interfaces go out through x0 to the internet.

IP of wireless laptop 10.10.2.168 goes out to the internet with zero issues. Can talk to anything on the 10.10.10.x network however they cant join a domain if they are on the 10.10.2.x network...seems to be bouncing the gateway to get back inside to the 10.10.10.x network Or its blocked some how.

Do I have to build a rule to prevent this? Firewalled subnet rule?
0
Comment
Question by:wlacroix
  • 5
  • 3
8 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40577524
Are lan1 and lan2 in different zones? Also are you sure they aren't x0 and x2? Normally x0 is lan, X1 is wan.
0
 
LVL 3

Author Comment

by:wlacroix
ID: 40577579
They are both marked as LAN.
We also have 2 wans on this with different IPs from different providers.

x0 LAN 10.10.10.x
x1 WAN
x2 LAN 10.10.1.x (voice)
x3 LAN 10.10.2.x
x4 unassigned
x5 WAN
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40577971
if x0 and x3 are interfaces with the correct subnet masks, and they are in the same zone, then by default all communication between them should be routed. The nat rules to do this are created automatically when you create the zones, same with x1 (wan). When you add x5 (wan2) you would have to add rules to choose which traffic goes out x5 vs x1. Since the default setup of a single wan and multiple lan subnets in the same zone shouldn't have the problems you are showing, it's probably some custom nat rules causing the problem.
0
 
LVL 3

Author Comment

by:wlacroix
ID: 40579906
Aaron, that makes total sense, I did a packet capture and test yesterday and it does NOT go out, but I have another tool that is reporting traffic on the interface and I have no idea why. I think the other tool has led me astray, because so far I cant verify it at all.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Accepted Solution

by:
wlacroix earned 0 total points
ID: 40584099
So I had a route on one of my other sonicwalls to move the 10.10.2.x traffic, so this was being dropped.

This rule was removed, and recreated on the other sonicwall.
After my test things seem alright now.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40584185
So you had a route in another piece of gear you didn't tell me about and that was causing the problem? Alright, and maybe next time you ask a question you can give all the details. We would have resolved this much quicker if you had explained the whole situation.
0
 
LVL 3

Author Comment

by:wlacroix
ID: 40584557
The original sonicwall that had this stuff still had the left over route in it. I was not part of that change over.
The issue above was with the old device, which had 2 route rules in it that I was unaware of.

So here is what they did.

x3 was moved from an old gateway\sonicwall NSA3500 to a new NSA 3500 on x3, different internet providers. They were trying to minimize downtime.
they built the interface on the new device, deleted the interface on the old device then nothing worked. I was just working on the wireless side bouncing the gateway, unaware of the other ticket that was issued to move this interface to another provider.
Anyway.....
Once this interface was created on the NEW NSA 3500, and moved over nothing worked at all with regards to in\out.

the old NSA was .254, the new NSA was .253
On the .254 they had a route for 10.10.2.x that pointed to the old provider
10.10.10.x and 10.10.2.x could not talk at all, due to old route.

Once I removed the route on .254 it all started working. Then I moved back to my original ticket about the 10.10.2.x network bouncing the gateway.
We did a packet capture on .253 sonicwall
This showed me the 10.10.2.x traffic going to the x0 interface with no issues, and no traffic bouncing the gateway.

At the time this was posted I did not know about the other ticket to move the interface, my apologizes.
0
 
LVL 3

Author Closing Comment

by:wlacroix
ID: 40595456
No solution given by an outside individual, this was handled internally.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now