Sonicwall SOHO3 dropping connections b/c of Rule 6

Have seen a few posts about this, but no responses along lines of a solution (or even a "Sorry, no way around this"). Specifically, my Sonicwall SOHO3 is dropping packets according to a Rule 6 - but Rule 6 (and in fact, 1 through 7) are all allows. The single DENY I have should not be affecting this connection (and I've even gone so far as to disable the DENY long enough to test and confirm Rule 6 is still dropping me). I've updated the firmware to 6.6.0.6, and I'm at a loss how to solve this.

Any suggestions? Is the firewall just fundamentally bugged (I really hope not)? Does Sonicwall have an official response to this that I haven't yet been able to find?

Thanks much for any help/suggestions/ideas

Reply to
camderek

On 24 May 2006 20:02:22 -0700, snipped-for-privacy@gmail.com spoketh

Are you sure that both the source and destination satisfy the criteria in rule 6? If a rule is restricting the source (ip and/or port), then sources not meeting that criteria will get denied ... same with destination.

If the rule isn't working for you, delete it and re-create it from scratch. It's not unheard of that rules get corrupted, although I cannot dig up any documentation for this. So, delete it, and recreate it, and see if that'll give you the result you are looking for.

Lars M. Hansen


Reply to
Lars M. Hansen

Thanks much for the reply :)

To confirm that the "Rule 6" deny is as much a mistake as I believe it to be, I added an ALLOW from * to * - and disabled all DENYs. As such, I'd expect nothing to be dropped by the firewall - but the firewall's occasionally dropping connections both from the remote end of a VPN - as well as just a simple internal login to the firewall. For the simple example, my computer's IP is 192.168.2.100, the firewall is 192.168.2.1 - and occasionally I'm seeing entries in the firewall for:

Date/Time: 05/25/2006 10:56:28.848 Action: Web access request dropped Source: 192.168.2.100, 3045, LAN (admin) Dest: 192.168.2.1, 80, LAN Service: Web (HTTP) Rule: 6

Even though Rule 6 is an ALLOW, and the computer I'm using to access to the firewall to read the above log entry is the same one that the log claims is being dropped.

Will def. try the delete rules and re-add them. If that doesn't work will try completely resetting the firewall back to scratch - then rebuild it up. Either way will post results.

thanks again

Reply to
camderek

Quick follow up. Since this firewall is just for testing (setup at my apartment) until I get it working:

Deleted almost all the rules such that:

1) There are only 5 rules.
2) One of the rules is an ALLOW from * to *
3) There are no DENYs.

Still, I'm occasionally getting a dropped connection according to Rule 1. Also, friend suggested it might have something to do with fragmented packets getting dropped somewhere/how. Will check on that as well and post results.

Reply to
camderek

Adding an "Allow * to *" won't help, because the firewall works on a "most specific rule" rule, rather than a top-down processing. So, whichever rule is the best match will take precedence, and any deny rule will take precedence over any allow rule. So, if your rule 6 is messed up for some reason, then it could override the "Allow * to *" rule and drop the connection.

Also, deleting rules doesn't renumber them, so the fact that you have only 5 rules, and are still getting dropped connections due to rule 6 doesn't really mean anything other than something is weird with your rules, and you'd be better off starting from scratch.

While you're at it, see if you can load the newest firmware revision for your model...

Reply to
turismomeister
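To make the difference between the two matching models concrete, here is an added illustration (not code from the thread or from SonicWall): a small rule evaluator that compares first-match top-down processing against "most specific match wins, deny beats allow on a tie", which is how I read the explanation above. The rule set, the CIDR specificity scoring and the idea that rule 6 is a narrow deny are all constructed assumptions; rule numbers deliberately survive the deletion of rules 2 through 5, as the reply notes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int           # rule keeps its number after other rules are deleted
    action: str           # "allow" or "deny"
    src: str              # CIDR, or "*" for any source
    dst: str              # CIDR, or "*" for any destination
    dport: Optional[int]  # destination port, None for any port

def matches(rule: Rule, src_ip: str, dst_ip: str, dport: int) -> bool:
    """True if the packet satisfies every criterion of the rule."""
    if rule.src != "*" and ip_address(src_ip) not in ip_network(rule.src):
        return False
    if rule.dst != "*" and ip_address(dst_ip) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == dport

def specificity(rule: Rule) -> int:
    """Longer prefixes and an explicit port make a rule more specific (assumed scoring)."""
    nets = [ip_network(n).prefixlen for n in (rule.src, rule.dst) if n != "*"]
    return sum(nets) + (16 if rule.dport is not None else 0)

def evaluate_best_match(rules, src_ip, dst_ip, dport):
    """Most specific matching rule wins; on a tie a deny beats an allow."""
    hits = [r for r in rules if matches(r, src_ip, dst_ip, dport)]
    if not hits:
        return ("deny", None)
    best = max(hits, key=lambda r: (specificity(r), r.action == "deny"))
    return (best.action, best.number)

def evaluate_top_down(rules, src_ip, dst_ip, dport):
    """First matching rule in number order wins (the model the poster assumed)."""
    for r in sorted(rules, key=lambda r: r.number):
        if matches(r, src_ip, dst_ip, dport):
            return (r.action, r.number)
    return ("deny", None)

# Constructed rule set: rules 2-5 were deleted, rule 1 is the "Allow * to *",
# and rule 6 is assumed here to be a narrow deny on HTTP to the firewall itself.
RULES = [
    Rule(1, "allow", "*", "*", None),
    Rule(6, "deny", "192.168.2.0/24", "192.168.2.1/32", 80),
    Rule(7, "allow", "192.168.2.0/24", "*", None),
]

# The dropped HTTP login from the log entry quoted earlier in the thread.
DROPPED_PKT = ("192.168.2.100", "192.168.2.1", 80)
```

Running `evaluate_top_down(RULES, *DROPPED_PKT)` returns an allow by rule 1, while `evaluate_best_match(RULES, *DROPPED_PKT)` returns a deny by rule 6, which is the log line the poster saw despite the catch-all allow.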

Thanks again for the response - def. appreciate any/all feedback. On to responses though:

> Adding an "Allow * to *" won't help, because the firewall works on a "most specific rule" rule, rather than a top-down processing. So, whichever rule is the best match will take precedence, and any deny rule will take precedence over any allow rule

> While you're at it, see if you can load the newest firmware revision for your model...

Reply to
camderek

On 25 May 2006 09:56:56 -0700, snipped-for-privacy@gmail.com spoketh

Reply to
Lars M. Hansen

Update for any interested:

This weekend I wiped the SOHO3 clean (via holding reset button while powering on/off). Reloaded the latest firmware on it again and reconfig'd everything as desired - and happily the VPN is working perfectly now :)

Thanks very much to all who responded

Reply to
camderek
