SonicWall Help?

I normally wouldn't consider this to be the right forum for a specific product, but I'm really stuck. SonicWALL support is just awful and I'm getting pretty frustrated here. Here's the story:

- We have a number of servers that serve out a public service.

- Each server has a public IP address on 131.107.58.0/26 with a default gateway of 131.107.58.1 (our ISP's gateway)

- Each server also has a "back tier" connection of 10.10.1.0/24. There is no gateway out of this subnet.

- Currently we firewall by setting ACLs on the switch

We bought a pair of PRO 3060s to take care of our firewall needs and I was told that this firewall could just slip into our current setup. It was described as follows:

- 100Mb ISP link goes into the WAN port of the 3060 (this link is currently in our switch)

- Link goes from the LAN port on the 3060 to our switch

- We configure the server in "Transparent Mode" placing an IP of 131.107.58.2 on the 3060 and the range from 131.107.58.3-63 on "IntraNet"

Is this correct? Because if it is, it doesn't work. What ends up happening is the arp entry on each server for the default gateway (131.107.58.1) ends up being mapped to the MAC of the 3060 and all servers lose connectivity.

I really need help here and the support system that they have is just awful. They're friendly, but I feel that they're more interested in finding a way to fling the issue back on my lap so I have to wait another 24 hours for a response (jokes like "We will need your serial number before we can continue" and things like that).

Thanks guys. I hope someone can help.

Michael


Oh my god... I wish that they'd just let me do it in Linux. But, these firewalls were purchased before I got to this company and I inherited this project. I can push back on newer projects but I feel like I need to see this one through...

Michael


Michael, isn't this a reason to simply return the boxes? Or are you planning on being stuck with bad support for the life of the boxes?

Reply to
shopping.nowthor.com

On Mon, 2 Aug 2004 11:01:45 -0700, Michael spoketh

Isn't that what is supposed to happen? The servers need to get directed to the Sonicwall in order to get to the router, so I would think that your arp table should look like that.

However, your problem might be on the router, not the firewall. Since it has an arp table as well, with you putting the firewall in between the router and computers (and switch), its arp table has become invalid, and it might be trying to send traffic through using an old (and invalid) arp entry. Try to clear out the arp cache on the router and see if that helps.

Lars M. Hansen

Remove "bad" from my e-mail address to contact me. "If you try to fail, and succeed, which have you done?"


On Mon, 02 Aug 2004 19:24:41 GMT, shopping.nowthor.com spoketh

What, so he can buy some firewalls from you instead?

Lars M. Hansen


Not making much sense.

The arp entries SHOULD map to the mac of the sonicwall - that is what it is supposed to do. That is how it functions as a firewall. The packets to the default gateway go to the sonicwall's mac address, and it then passes them on to the real gateway. That should not hose the connections.

There is an option to turn this behavior off, but it's undocumented. Go to http://(sonicwall's ip address)/diag.html, click on the advanced prefs button and check off the box labeled "enable arp bridging" (or something like that - don't remember the exact wording).

Reply to
T. Sean Weintz
