SonicWall Help?

Posted by Michael on August 2, 2004, 11:01 am
I normally wouldn't consider this to be the right forum for a specific
product, but I'm really stuck. SonicWALL support is just awful and I'm
getting pretty frustrated here. Here's the story:

- We have a number of servers that serve out a public service.
- Each server has a public IP address on 131.107.58.0/26 with a default
gateway of 131.107.58.1 (our ISP's gateway)
- Each server also has a "back tier" connection of 10.10.1.0/24. There is no
gateway out of this subnet.
- Currently we firewall by setting ACLs on the switch

We bought a pair of PRO 3060s to take care of our firewall needs and I was
told that this firewall could just slip into our current setup. It was
described as follows:

- 100Mb ISP link goes into the WAN port of the 3060 (this link is currently
in our switch)
- Link goes from the LAN port on the 3060 to our switch
- We configure the server in "Transparent Mode" placing an IP of
131.107.58.2 on the 3060 and the range from 131.107.58.3-63 on "IntraNet"

Is this correct? Because if it is, it doesn't work. What ends up happening
is the arp entry on each server for the default gateway (131.107.58.1) ends
up being mapped to the MAC of the 3060 and all servers lose
connectivity.

I really need help here and the support system that they have is just awful.
They're friendly, but I feel that they're more interested in finding a way
to fling the issue back on my lap so I have to wait another 24 hours for a
response (jokes like "We will need your serial number before we can
continue" and things like that).

Thanks guys. I hope someone can help.


Michael




Posted by shopping.nowthor.com on August 2, 2004, 7:24 pm
wrote:
>
>I really need help here and the support system that they have is just awful.
>

Michael, isn't this a reason to simply return the boxes? Or are you
planning on being stuck with bad support for the life of the boxes?


Posted by Lars M. Hansen on August 2, 2004, 8:47 pm
On Mon, 2 Aug 2004 11:01:45 -0700, Michael spoketh

>Is this correct? Because if it is, it doesn't work. What ends up happening
>is the arp entry on each server for the default gateway (131.107.58.1) ends
>up being mapped to the MAC of the 3060 and all servers lose
>connectivity.
>

Isn't that what is supposed to happen? The servers need to get directed
to the Sonicwall in order to get to the router, so I would think that
your arp table should look like that.

However, your problem might be on the router, not the firewall. Since it
has an arp table as well, you putting the firewall in between the router
and computers (and switch), its arp table has become invalid, and it
might be trying to send traffic through using an old (and invalid) arp
entry. Try to clear out the arp cache on the router and see if that
helps.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"


Posted by T. Sean Weintz on August 4, 2004, 5:52 pm
Michael wrote:

> I normally wouldn't consider this to be the right forum for a specific
> product, but I'm really stuck. SonicWALL support is just awful and I'm
> getting pretty frustrated here. Here's the story:
>
> - We have a number of servers that serve out a public service.
> - Each server has a public IP address on 131.107.58.0/26 with a default
> gateway of 131.107.58.1 (our ISP's gateway)
> - Each server also has a "back tier" connection of 10.10.1.0/24. There is no
> gateway out of this subnet.
> - Currently we firewall by setting ACLs on the switch
>
> We bought a pair of PRO 3060s to take care of our firewall needs and I was
> told that this firewall could just slip into our current setup. It was
> described as follows:
>
> - 100Mb ISP link goes into the WAN port of the 3060 (this link is currently
> in our switch)
> - Link goes from the LAN port on the 3060 to our switch
> - We configure the server in "Transparent Mode" placing an IP of
> 131.107.58.2 on the 3060 and the range from 131.107.58.3-63 on "IntraNet"
>
> Is this correct? Because if it is, it doesn't work. What ends up happening
> is the arp entry on each server for the default gateway (131.107.58.1) ends
> up being mapped to the MAC of the 3060 and all servers lose
> connectivity.
>
> I really need help here and the support system that they have is just awful.
> They're friendly, but I feel that they're more interested in finding a way
> to fling the issue back on my lap so I have to wait another 24 hours for a
> response (jokes like "We will need your serial number before we can
> continue" and things like that).
>
> Thanks guys. I hope someone can help.
>
>
> Michael
>
>
Not making much sense.

The arp entries SHOULD map to the mac of the sonicwall - that is what
it is supposed to do. That is how it functions as a firewall. The
packets to the default gateway go to the sonicwall's mac address, and it
then passes them on to the real gateway. That should not hose the
connections.

There is an option to turn this behavior off, but it's undocumented. Go
to http://(sonicwall's ip address)/diag.html, click on the advanced
prefs button and check off the box labeled "enable arp bridging" (or
something like that - don't remember the exact wording).
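
The ARP behaviour discussed in this thread, as an added example that is not part of any post: a Python check that parses a server's ARP table (Windows `arp -a` or Linux `arp -an` text) and reports whether the default gateway's entry shares a MAC with other addresses or matches a known firewall MAC. The sample table, its MAC addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (made-up MACs): a server's ARP table behind the firewall,
# mixing Windows `arp -a` rows with one Linux `arp -an` row.
SAMPLE_ARP = """\
Interface: 131.107.58.10 --- 0x2
  Internet Address      Physical Address      Type
  131.107.58.1          00-11-22-aa-bb-01     dynamic
  131.107.58.2          00-11-22-aa-bb-01     dynamic
  131.107.58.11         00-33-44-cc-dd-11     dynamic
? (131.107.58.12) at 00:33:44:cc:dd:12 [ether] on eth0
"""

ENTRY = re.compile(r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
                   r"((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})")

def norm(mac):
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return {ip: mac}, MACs normalised to lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = norm(m.group(2))
    return table

def gateway_report(table, gateway_ip, firewall_mac=None):
    """Classify the gateway entry: missing, via-firewall, shared-mac or direct."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return {"status": "missing", "mac": None, "shares_mac_with": []}
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    shared = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if firewall_mac and gw_mac == norm(firewall_mac):  # MAC supplied by the caller
        status = "via-firewall"
    elif shared:  # one MAC answering for several IPs, as with proxy ARP
        status = "shared-mac"
    else:
        status = "direct"
    return {"status": status, "mac": gw_mac, "shares_mac_with": shared}

if __name__ == "__main__":
    print(gateway_report(parse_arp(SAMPLE_ARP), "131.107.58.1"))
```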

