Sonicwall Netextender SSL VPN Can't Ping by hostname only FQDN

noclav
I have a TZ105 and I set up SSL VPN with NetBIOS enabled. I configured the Client Settings DNS Server address for our internal DNS server. So I can now ping hostname.domain.local but can't ping hostname. Any suggestions?
J Spoor, TME / Network Security Evangelist
Commented:
For that you need to use WINS.
Blue Street Tech, Last Knight
Distinguished Expert 2018

Commented:
Hi noclav,

What SonicOS version are you running?

Enabling Windows Networking (NetBios) Broadcast is only half of the equation. You need to enable IP Helper, which is the other half of it. Previous to SonicOS 6.2.4.3 the configuration was to enable both Windows Networking (NetBios) Broadcast & IP Helper Policies, but since then it is accomplished entirely by the IP Helper Policies.

If you have no reason to run WINS, it's not necessary. Reasons to run it are specifically legacy apps. AD DS uses DNS for name resolution.
J Spoor, TME / Network Security Evangelist

Commented:
WINS is a better alternative than NetBIOS broadcasts.

Author

Commented:
SonicOS Enhanced 5.8.1.15-48o

The DC is doing DNS and yes, it's pointed to it.

Author

Commented:
I just updated the fw to SonicOS Enhanced 5.8.4.2-13o and same issue.
Blue Street Tech, Last Knight
Distinguished Expert 2018

Commented:
So when you perform a lookup you see your DNS server?

In the SSL VPN config, have you set up an external server for DHCP as opposed to the SonicWALL IP Pool (essentially SonicWALL's DHCP server)? If that is the case, SonicWALL would default to its internal DNS, thereby causing an issue.

@J Spoor correct me if I'm wrong but to my understanding the OP is talking about needing hostname resolution...WINS translates the NetBIOS names to IP addresses, while DNS translates hostnames to IP addresses.
J Spoor, TME / Network Security Evangelist

Commented:
" So i can now ping hostname.domain.local but cant ping hostname."

So DNS works for him, but not NetBIOS name resolution.

Use WINS, don't rely on NETBIOS broadcasts :) Broadcasts are a waste of bandwidth. Use unicasts :)

Author

Commented:
I hate to install WINS just for the VPN. I have another site with a SonicWall that works fine. The only difference is that the site that works fine has a domain of .com and the site that's not working well has a domain of .local. I wonder if it's because Linux treats .local as an internal domain vs .com, and I assume SonicOS is based off of a Linux distro. As for IPs, I set up a range that the SonicWall will hand out.
J Spoor, TME / Network Security Evangelist

Commented:
SonicWall is not based on Linux.

If you don't want WINS, then as Diverse it said, enable NetBIOS on SSL VPN.

Author

Commented:
NetBIOS is enabled on SSL VPN.
Blue Street Tech, Last Knight
Distinguished Expert 2018
Commented:
OK, so if you don't want to set up WINS then you need to configure an IPHelper policy.

Here is how you set up the IPHelper policy:
  1. Log in to the SonicWALL & go to Network > IPHelper.
  2. Under IP Helper settings, select the checkbox next to Enable IP Helper.
  3. Under Relay Protocols, select the Enable checkbox of NetBIOS & click the Accept button to save the config.
  4. Under Policies, click the Add button:
  5. The Add IP Helper Policy window will display.
  6. Select the checkbox next to Enable policy.
  7. Choose NetBIOS from the Protocol drop-down list.
  8. Select the appropriate source and destination in the From/To drop-down list.

You need to create another reflexive policy with the From/To fields interchanged to make sure NetBIOS works correctly.

Let us know if you need any other help!
Blue Street Tech, Last Knight
Distinguished Expert 2018

Commented:
Any update on this?
Commented:
I tried everything except WINS server. I have a similar setup on another account with a TZ400 and it works fine even without enabling NetBIOS SSL. So I told them to just use hostname.domain.local.
Blue Street Tech, Last Knight
Distinguished Expert 2018

Commented:
For the questioned devices that are not NetBIOS available...are they at all? Have you checked to see if their NetBIOS over TCP/IP has been disabled?
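
Added example, not part of any comment in this thread: a PowerShell check to run on the Windows VPN client while NetExtender is connected. It resolves the FQDN and the short name separately over DNS and over LLMNR/NetBIOS, then lists each adapter's DNS servers, WINS server and NetBIOS over TCP/IP setting. The default names are the placeholders from the question, and the function name Test-NamePath is made up for this example.

```powershell
# Added example (not from the thread). Names below are the question's placeholders.
param(
    [string]$ShortName = 'hostname',
    [string]$Fqdn      = 'hostname.domain.local'
)

# Hypothetical helper: resolve one name over exactly one resolution path.
function Test-NamePath {
    param([string]$Name, [ValidateSet('DNS', 'NetBIOS/LLMNR')][string]$Path)
    $query = @{ Name = $Name; Type = 'A'; ErrorAction = 'Stop' }
    if ($Path -eq 'DNS') {
        # DNS only; a short name is tried with the client's DNS suffixes.
        $query.DnsOnly = $true
    } else {
        # Skip DNS entirely; use LLMNR and NetBIOS name queries only.
        $query.LlmnrNetbiosOnly = $true
    }
    try {
        $answers = Resolve-DnsName @query | Where-Object { $_.IPAddress }
        [pscustomobject]@{
            Name     = $Name
            Path     = $Path
            Resolved = [bool]$answers
            Detail   = ($answers.IPAddress -join ',')
        }
    } catch {
        # Keep the failure reason so a timeout can be told from "name does not exist".
        [pscustomobject]@{
            Name     = $Name
            Path     = $Path
            Resolved = $false
            Detail   = $_.Exception.Message
        }
    }
}

# FQDN over DNS is the case the question reports as working; the other two show
# which path the short name fails on.
@(
    Test-NamePath -Name $Fqdn      -Path 'DNS'
    Test-NamePath -Name $ShortName -Path 'DNS'
    Test-NamePath -Name $ShortName -Path 'NetBIOS/LLMNR'
) | Format-Table -AutoSize

# Per-adapter settings, including the virtual adapter the VPN client adds.
$netbiosSetting = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ n = 'DnsServers';       e = { $_.DNSServerSearchOrder -join ',' } },
        @{ n = 'WinsPrimary';      e = { $_.WINSPrimaryServer } },
        @{ n = 'NetBIOSoverTCPIP'; e = { $netbiosSetting[[int]$_.TcpipNetbiosOptions] } } |
    Format-Table -AutoSize
```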

Author

Commented:
I could not resolve this.