
Sonicwall NSA2400 - No internet access



We've got a SonicWall NSA2400 configured with a LAN (X0) and a WAN (X1) interface.
It was set up and working fine until just recently, when a temporary worker changed some settings, most likely NAT.

We can ping on the LAN just fine. We also have another FW set up that works just fine with internet connectivity, so we know that's not the issue.
Pinging between the two firewalls works fine, and also in between clients.

We have tried NAT rules that blow everything wide open, basically allow Any to Any with Any service and so forth. We cannot ping our ISP DNS either. We even tried adding the Google DNS (8.8.8.8) to no avail.

If I set up a computer with the WAN IP & DNS, everything works fine, same as through other FWs.

I don't have much experience with SW FWs. What is interesting, however, is that if you ping out from a client, it is able to resolve the hostname to an IP, e.g.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Request timed out.
Request timed out.
Etc.

This works for ANY address/hostname we ping: it will resolve to an IP, then time out.
Trying to go to a webpage by either hostname or IP, it won't connect.

Has anyone run into a similar problem? Any help would be greatly appreciated.

Thanks in advance and best regards.

Tom

Tags: domain-name-system firewall ping sonicwall

asked Aug 30 '12 at 17:40 by Tom Erickson

  • What does the Sonicwall's routing table look like (Network -> Routing)?

    – KJ-SRS
    Aug 30 '12 at 19:51

  • I had something somewhat similar: serverfault.com/questions/791870/…

    – Travis
    Oct 4 '16 at 16:44

  • Can you expand with trace route?

    – Timothy Frew
    Apr 24 '18 at 23:09


4 Answers

This is a pretty vague question. Since you don't know what the temp worker changed, it's hard to tell you what to undo. Do you have a copy of the backup settings? That would be the easiest way to get back to a working config.

If not, honestly, the easiest way may be to reset the device to factory defaults and reconfigure. Before you do, write down all pertinent IPs, custom firewall and NAT rules, etc. The fact that you started adding a bunch of Any to Any NAT rules (without knowing what they do) is really going to mess things up.

Hope that helps

answered Aug 30 '12 at 17:57 by Jim G.


Just check the log and see if the firewall is dropping packets based on missing or "deny" rules. If you don't see anything in there, it might be a missing NAT rule, but generally the outbound default rules take care of outbound traffic unless blocked by a firewall rule. Generally speaking though, by default LAN->WAN traffic allows all.

answered Aug 30 '12 at 19:48 by MikeAWood


In Sonicwall firewalls, regardless of whether you have multiple internet providers or just one, you have to set at least one interface in the default LB group in Network > Failover & LB > Default LB Group, as shown in this screenshot:

[screenshot]

answered Jan 25 '14 at 23:40 by Gabriel Talavera


Start with the logs. Don't go diving in changing the configuration straight off the bat; it usually makes things worse and you end up forgetting what you changed as well.

Hopefully, by looking at the logs you should be able to identify what was changed. Failing that, can you see through the logs if the firewall is dropping/rejecting packets?

The fact that you can resolve DNS suggests that your routing and NAT are in place (unless you are running an internal caching nameserver), but general traffic is being blocked. This sounds to me like a firewall rule gone wrong.

Failing all of the above, take a backup of the system logs now so you can analyse them later, then just restore the system from a good backup. You should then analyse the logs of the 'broken' config to identify what was done.

answered Aug 17 '15 at 7:51 by tomstephens89
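
The check behind the last answer's caveat about an internal caching nameserver, as an added example that is not part of the original answers: run from a LAN client, it compares the system resolver with a query sent straight to 8.8.8.8 and a TCP connect, then names the likeliest layer. The function names and verdict labels are assumptions of this example, and it assumes the firewall does not proxy DNS itself.

```python
import socket
import struct

# Verdict labels are this example's own; the reasoning follows the answer above.
VERDICTS = {
    "ok": "DNS and TCP both cross the firewall; the outbound path works.",
    "dns-blocked": "TCP leaves but UDP/53 to the public resolver does not; "
                   "look for a rule filtering DNS.",
    "dns-passes-tcp-blocked": "A public resolver answered, so routing and NAT "
                              "work for UDP/53; suspect an access rule "
                              "dropping other services.",
    "cached-dns-only": "Names come from an internal or caching resolver; "
                       "nothing has been shown to cross the firewall, so "
                       "routing, NAT and the WAN interface are all suspects.",
    "no-outbound": "Neither name resolution nor TCP works; start at the "
                   "client's gateway and resolver settings.",
}


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def system_resolves(name: str) -> bool:
    """Resolve through whatever resolver the client is configured to use."""
    try:
        socket.getaddrinfo(name, None, family=socket.AF_INET)
        return True
    except OSError:
        return False


def direct_dns_answers(name: str, resolver: str = "8.8.8.8",
                       timeout: float = 3.0) -> bool:
    """Send the query straight to a public resolver, bypassing local caches."""
    query = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (resolver, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:  # includes timeouts and "network unreachable"
            return False
    # A real reply echoes our transaction id and has the QR (response) bit set.
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)


def tcp_connects(host: str, port: int = 80, timeout: float = 3.0) -> bool:
    """Attempt a plain TCP handshake; no data is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(system_dns: bool, direct_dns: bool, tcp: bool) -> str:
    """Map the three probe results to a verdict key in VERDICTS."""
    if tcp:
        return "ok" if direct_dns else "dns-blocked"
    if direct_dns:
        return "dns-passes-tcp-blocked"
    if system_dns:
        return "cached-dns-only"
    return "no-outbound"


if __name__ == "__main__":
    name = "yahoo.com"  # hostname from the question's ping output
    verdict = classify(system_resolves(name), direct_dns_answers(name),
                       tcp_connects(name))
    print(verdict, "-", VERDICTS[verdict])
```

A "cached-dns-only" result means the resolved addresses in the question's ping output say nothing about routing or NAT, so the firewall log and the WAN/LB group settings are the next places to look.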


























