Sonicwall 4100 wrong NAT

Hello Group,

I discovered a problem with NAT on a Sonicwall 4100. The Sonicwall is connected on the external address, and 2 hosts are behind the firewall. Host A sends an ICMP echo request to an external IP, and the reply comes as expected. If I now start an ICMP echo request from host B to the same external IP, the expected reply comes, and the reply which is usually for host A also comes to host B. On the Sonicwall itself I sniffed via the included packet trace and it all seems to be correct. But the second reply on host B has the sequence number of the echo request that was sent by host A, and by this time host A doesn't get any ICMP reply packets. Does anyone have similar problems? BTW: I have had an open ticket at sonicsupport for a week with no solution...

regards

Burkhard Ott
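
One way to confirm the symptom described in this post from a capture taken on host B, as an added example that is not part of the original thread: parse each ICMP message, match echo replies against the requests that host actually sent by identifier and sequence number, and report the strays. The addresses, identifiers and packets are constructed sample data, and the function names are hypothetical.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"constructed") -> bytes:
    """Build an ICMP echo message (used only to construct the sample capture)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def find_stray_replies(capture):
    """capture: (direction, peer_ip, icmp_bytes) tuples seen on ONE host.
    Returns (peer_ip, ident, seq) for every echo reply that host never requested."""
    outstanding, stray = set(), []
    for direction, peer, raw in capture:
        if len(raw) < 8 or icmp_checksum(raw) != 0:
            continue  # truncated or corrupt message, ignore
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        key = (peer, ident, seq)
        if direction == "out" and icmp_type == ECHO_REQUEST:
            outstanding.add(key)
        elif direction == "in" and icmp_type == ECHO_REPLY:
            if key in outstanding:
                outstanding.discard(key)   # normal request/reply pair
            else:
                stray.append(key)          # reply belonging to someone else
    return stray

# Constructed capture on host B: its own ping uses id 0x0B0B; id 0x0A0A stands
# in for host A's ping, whose reply the firewall delivered to host B.
SAMPLE_CAPTURE = [
    ("out", "192.0.2.10", build_echo(ECHO_REQUEST, 0x0B0B, 1)),
    ("in",  "192.0.2.10", build_echo(ECHO_REPLY,   0x0B0B, 1)),
    ("in",  "192.0.2.10", build_echo(ECHO_REPLY,   0x0A0A, 7)),
]

if __name__ == "__main__":
    for peer, ident, seq in find_stray_replies(SAMPLE_CAPTURE):
        print(f"unrequested echo reply from {peer}: id=0x{ident:04x} seq={seq}")
```

Running the same check on host A's capture would show the other half of the symptom: echo requests that stay in the outstanding set because their replies never arrive.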

On Tue, 22 May 2007 06:53:33 +0000, Burkhard Ott wrote:

The problem only comes up with firmware 3.5.x, I've never seen more crap like this. If somebody thinks about buying Sonicwall, be warned, you get better stuff than Sonicwall for the same money.

Burkhard Ott

I've dealt with SonicWall numerous times, never had a real problem that couldn't be fixed. Contact them and if the problem is theirs, they will fix it. But then again, if you bought your 4100 second hand, then you might have to spend a few bucks to get some support...

RedForeman

On Wed, 30 May 2007 06:06:28 -0700, RedForeman wrote:

Haha, Sonicwall is the worst crap I've ever seen. We've bought all new stuff, 3x 4100 and 2x 5600. Here are some examples of what the technical support told me (3rd level engineer):

  1. Problem: if you ping from 2 hosts (LAN side), only one receives the ICMP packets for both, the regular reply and the reply for host 2.
  2. RSA keylen >=4096 crashes the firewall; after a successful ssh login the session will be closed, and after the new connect you get a new hostkey and the session will be closed.
  3. IPSec VPN implementation is absolutely bogus; if you want more information I can tell you really nice stories.
  4. Sometimes the whole box crashes for no reason.
  5. CFS filters even if it's switched off.

etc....

The technical support has no idea how to fix that, but they could see and rebuild the problems as I described. The support really needs more lessons on how IPSec works, they had no idea how it works and told me total bullshit. (They would like to filter phase2 network information via the firewall rules, isn't that nice.) The result is, we bring the crap back.

Everybody be warned, keep your hands off Sonicwall.

Burkhard Ott

On Wed, 30 May 2007 14:43:15 +0000, Burkhard Ott wrote:

I still have an addition, I discovered a bug on both Sonicwalls (4100 and 5600). If you need OSPF on 2 devices, let's say x0 and x1, then the ospfd stops on all devices. The support (we use the highest level support) told me yep, that's a bug, nothing else. Whooohoo, a bug, and now? Nothing about fixing, nothing about a workaround for how to deal with this.

The data throughput is incredibly slow. We're hooked up to a 100 Mbit line, the maximum throughput was at the highest level 4 Mbit (that was a good day), normally we get 1 Mbit. With the laptop directly on the (external) line I have 100 Mbit, and it doesn't matter how many senseless *.iso files I download, the rate is almost constant. The sonicsupport says "...even when content filtering is switched off, it still works because it's deep inspection and the cpu isn't used that much.." Isn't that bullshit?

It's nice that you don't have such problems. I discovered all these bugs on 5 Sonicwalls, and the support has told me the same crap for 3 weeks, "yes can see the same problems, we will escalate to the engineers", that's it. No, never Sonicwall in my area of the datacenter!

Burkhard Ott

Got me... I only used it for simple installs... obviously your situation is not as simple...

ymmv

RedForeman

RedForeman
