
We've got a SonicWall NSA2400 configured with a LAN (X0) and a WAN (X1) interface. It was set up and working fine until just recently, when a temporary worker changed some settings, most likely NAT.

We can ping on the LAN just fine. We also have another FW set up that works just fine with internet connectivity, so we know that's not the issue. Pinging between the two firewalls works fine, and also between clients.

We have tried NAT rules that blow everything wide open, basically allow Any to Any with Any service and so forth. We cannot ping our ISP DNS either. We even tried adding the Google DNS (8.8.8.8) to no avail.

If I set up a computer with the WAN IP & DNS everything works fine, same as through other FWs.

I don't have much experience with SW FWs. What is interesting, however, is that if you ping out from a client, it is able to resolve the hostname to an IP, e.g.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Request timed out. Request timed out. Etc.

This works for ANY address/hostname we ping: it will resolve to an IP, then time out. Trying to go to a webpage by either hostname or IP, it won't connect.

Has anyone run into a similar problem? Any help would be greatly appreciated.

Thanks in advance and best regards.

Tom

Tom Erickson

4 Answers


Start with the logs. Don't go diving in changing the configuration straight off the bat, it usually makes things worse and you end up forgetting what you changed as well.

Hopefully, by looking at the logs you should be able to identify what was changed. Failing that, can you see through the logs if the firewall is dropping/rejecting packets?

The fact that you can resolve DNS suggests that your routing and NAT are in place (unless you are running an internal caching nameserver), but general traffic is being blocked. This sounds to me like a firewall rule gone wrong.

Failing all of the above, take a backup of the system logs now so you can analyse them later, then just restore the system from a good backup. You should then analyse the logs of the 'broken' config to identify what was done.

tomstephens89

This is a pretty vague question. Since you don't know what the temp worker changed, it's hard to tell you what to undo. Do you have a copy of the backup settings? That would be the easiest way to get back to a working config.

If not, honestly, the easiest way may be to reset the device to factory defaults and reconfigure. Before you do, write down all pertinent IPs, custom firewall and NAT rules, etc. The fact that you started adding a bunch of Any to Any NAT rules (without knowing what they do) is really going to mess things up.

Hope that helps.

Jim G.

Just check the log and see if the firewall is dropping packets based on missing or "deny" rules. If you don't see anything in there, it might be a missing NAT rule, but generally the outbound default rules take care of outbound traffic unless blocked by a firewall rule. Generally speaking though, by default LAN->WAN traffic allows all.

MikeAWood
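Both tomstephens89 and MikeAWood point at the firewall log as the first place to look for dropped packets. Below is an added example, not code from the original post, that parses a handful of constructed key=value syslog lines written in a SonicWall-like shape (the field names `msg`, `src`, `dst`, `proto` and `rule` are assumed, as are all addresses and rule numbers) and reports whether the log shows the symptom from the question: DNS answered, everything else dropped by an access rule.

```python
import re
from collections import Counter

# Constructed sample lines in a SonicWall-like key=value syslog shape (not real device output).
SAMPLE_LOG = """\
id=firewall time="2013-04-10 09:12:01" fw=203.0.113.10 pri=6 m=98 msg="Connection Opened" src=192.168.1.20:51234:X0 dst=198.51.100.5:53:X1 proto=udp/dns
id=firewall time="2013-04-10 09:12:01" fw=203.0.113.10 pri=5 m=36 msg="TCP connection dropped" src=192.168.1.20:51235:X0 dst=98.138.253.109:80:X1 proto=tcp/http rule="5 (LAN->WAN)"
id=firewall time="2013-04-10 09:12:02" fw=203.0.113.10 pri=5 m=38 msg="ICMP packet dropped" src=192.168.1.20:X0 dst=98.138.253.109:X1 proto=icmp rule="5 (LAN->WAN)"
id=firewall time="2013-04-10 09:12:03" fw=203.0.113.10 pri=6 m=98 msg="Connection Opened" src=192.168.1.21:51300:X0 dst=198.51.100.5:53:X1 proto=udp/dns
id=firewall time="2013-04-10 09:12:04" fw=203.0.113.10 pri=5 m=36 msg="TCP connection dropped" src=192.168.1.21:51301:X0 dst=93.184.216.34:443:X1 proto=tcp/https rule="5 (LAN->WAN)"
"""

# key=value pairs; values are either a double-quoted string or a run of non-space characters
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value syslog line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def summarize_drops(log_text):
    """Return (drop counts keyed by (rule, proto), protocols allowed, protocols dropped)."""
    drops = Counter()
    allowed, dropped = set(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        proto = rec.get("proto", "?")
        if "dropped" in rec.get("msg", "").lower():
            drops[(rec.get("rule", "no rule logged"), proto)] += 1
            dropped.add(proto)
        else:
            allowed.add(proto)
    return drops, allowed, dropped

def diagnose(log_text):
    """Name the pattern from the question: DNS passes, every other protocol is dropped by a rule."""
    drops, allowed, dropped = summarize_drops(log_text)
    dns_ok = any(p.endswith("/dns") for p in allowed)
    rules = ", ".join(sorted({rule for rule, _ in drops}))
    if dns_ok and dropped and not (dropped & allowed):
        return ("dns-only: DNS replies return, but other protocols are dropped by rule(s) "
                + rules + "; review those access rules first")
    if not drops:
        return "no drops logged; look at NAT policies and routing instead"
    return "mixed drops; review rules " + rules
```

On a real device the log is exported from the management interface or a syslog collector; the same split between "what was answered" and "what was dropped, by which rule" is what the two answers above ask you to look for.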

In SonicWall firewalls, regardless of whether you have multiple internet providers or just one, you have to set at least one interface in the default LB group in Network > Failover & LB > Default LB Group, as shown in this screenshot:

[screenshot not included in the extracted page]

Gabriel Talavera