Why internal users ping to Internet no reply in DELL SonicWall?
This is a new implementation of DELL Sonicwall NSA3600, in HA. Firmware version is, SonicOS Enhanced 6.2.5.1-26n. The problem is no matter how I tried, I am not able to get the internal users to get the ping reply from Internet. For example, if user ping "www.google.com", they don't get echo reply. If I remember correctly, I still managed to get the ping reply in the initial stage, but after configure address objects (private and public), Nat policies, and firewall access rules, suddenly from that moment on, no echo reply is possible.
What could be the problem? How to solve it?
thanks in advance.
What could be the problem? How to solve it?
thanks in advance.
ASKER
Hi Russ,
I checked through all the NAT policies, didn't seem to find anything wrong.
I checked through all the NAT policies, didn't seem to find anything wrong.
They can be hard to trace. You could try creating an extremely promiscuous "allow all" policy and temporarily enabling it. You should also double check that you're pinging a destination that is responding.
hi there,
Have you managed to verify the real time traffic on the firewall logs?
This would give you an idea of the policy that is getting intercepted when you initiate traffic.
Also kindly confirm if the ISP link is directly terminated on your firewall.
Have you managed to verify the real time traffic on the firewall logs?
This would give you an idea of the policy that is getting intercepted when you initiate traffic.
Also kindly confirm if the ISP link is directly terminated on your firewall.
Did you add any firewall rules for LAN to WAN that block anything?
ASKER
Hi Carlmd,
I will check on this.
I will check on this.
Hi Michael,
By default LAN > WAN Access Rules are set to Allow, Any, Any, All. I'd reboot the firewall and make sure the firmware is the latest release. I checked and your current SonicOS version does not have any known issues with what you have described. Remember in HA you must have both firewalls on the same SonicOS version. I'd use Packet Capture on your SonicWALL to determine what is blocking ping.
Let me know how it goes!
By default LAN > WAN Access Rules are set to Allow, Any, Any, All. I'd reboot the firewall and make sure the firmware is the latest release. I checked and your current SonicOS version does not have any known issues with what you have described. Remember in HA you must have both firewalls on the same SonicOS version. I'd use Packet Capture on your SonicWALL to determine what is blocking ping.
Let me know how it goes!
ASKER
Hi Diverseit,
Let me check and get back to you later.
Let me check and get back to you later.
Hi Michael,
...any update?
The default NAT Policies are all you need in order to make this work. You don't need to add or modify any NAT Policies. You should try to enable Ping on the WAN Interface....as a test.
Let me know how it goes!
...any update?
The default NAT Policies are all you need in order to make this work. You don't need to add or modify any NAT Policies. You should try to enable Ping on the WAN Interface....as a test.
Let me know how it goes!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank for expert - Fred's suggestion, I formatted the configuration, and then re-setup the sonicwall from the scratch. Now, no more pinging issue.
Also, double check that the destination you're trying to ping actually responds to ping requests. The last time I checked, google.com doesn't respond to pings.