3

My sonicwall TZ-210 is answering arp queries on the wan subnet (which my isp doesn't like), basically mapping all the wan ips to its own mac address, causing network havoc since it is not set to route those back to the main isp gateway.

How the heck can I turn this behavior off? I have already entered in all wan subnet ips in the static arp cache and left them 'unpublished' which I presumed would mean that it did not bother answering arp queries for them. Apparently it did not do the trick. Arp queries are still being answered unfortunately.

What can I do? Any suggestions?

IsaacB
  • 335
  • 1
  • 5
  • 12
  • 1
    Reverse whatever you did to turn it on in the first place. That is by no means ordinary behaviour. – womble Jul 27 '11 at 23:16
  • Apparently this is the default behavior, actually. According to sonicwall tech support I have to remove a bunch of entries in the NAT table to stop it from doing this. – IsaacB Jul 28 '11 at 00:01
  • 2
    No, I cannot imagine that the default behaviour of any router is to ARP poison everything on a subnet connected to it. If it *is*, you need to destroy that evil device *immediately*. – womble Jul 28 '11 at 00:06
  • I just bought the thing, and followed a wizard. Then I set up a vpn using another wizard. I didn't at any time turn this on knowingly. I guess it's an evil device, then. The interface to configure it is horrible, too. I hate it. I'm just using it because there's 3 other sonicwalls in the company already that I just started working at. – IsaacB Jul 28 '11 at 00:40
  • 2
    Burn it! Burn it with **FIRE**! – womble Jul 28 '11 at 01:15
  • 2
    @IsaccB if you just bought the device it should be under warrenty. Contact Sonicwall support and they'll help you. They're great and you only get offshore about 50% of the time, which is a perc. – Nixphoe Aug 05 '11 at 15:31
  • What was the SonicOS version in question? – Skyhawk Aug 08 '11 at 02:46
  • Don't know, what a few days and I"ll log into it and tell you. – IsaacB Aug 08 '11 at 03:12
  • 1
    @Miles Erickson- it was SonicOS Enhanced 5.5.1.0-5o – IsaacB Aug 11 '11 at 21:21

2 Answers2

12

I've been stamping these out nationwide, one by one. I've finally found the exact CAUSE of the issue! Yesterday I sat in on a conference call with an IT Tech and SonicWALL. We opened a case and started troubleshooting. We went to the NAT Policies, there is a default Policy on older firmware models called "WAN PRIMARY SUBNET" you want to remove this policy Entirely. SonicWALL is making a change in their next firmware to fix this BUG.

OP edit: You should also flush the ARP cache in the ARP screen after you get rid of the wan primary subnet policies

Glorfindel
  • 1,213
  • 4
  • 15
  • 22
Mike Strout
  • 191
  • 3
  • Wow! Didn't expect someone to get the correct answer. Yes, I phoned sonicwall and they told me to disable all nat policies with "wan primary subnet" under "source translated" in the nat policies table. One final step is to flush the arp cache. I tested the fix by arping wan subnet ips with my laptop on the wan side. The fix is legit, it works. – IsaacB Aug 07 '11 at 20:03
  • 1
    For the life of me, I never would have guessed that a NAT policy would affect ARP. That is so messed up. – IsaacB Aug 07 '11 at 20:09
  • Mike, do you have the case# that was opened up with Sonicwall. This way it can be referenced when tickets are opened. –  Oct 10 '11 at 21:15
  • @Laura R. -My ticket number was #01658527 – IsaacB Nov 01 '11 at 23:16
  • Believe it or not these policies still exist in the tz-210 SonicOS Enhanced 5.8.1.5-46o –  Oct 25 '13 at 03:48
  • @ Mike...you can no longer see the screen shot. Anytime I have customer's with these Sonicwall issues I direct them to this link. It has been a huge help. –  Sep 19 '14 at 16:04
0

Maybe this is a function of the device supporting multiple WAN IP assignments? Some possible considerations:

  • Look into disabling the support of multiple WAN IPs, if only one is in use
  • Consider any possibly of firmware revisions from SonicWall which may behave differently
user48838
  • 7,431
  • 2
  • 18
  • 14