Allowing traffic across X0, X2 and X3

Hi,

I have the following configuration:

X0-main LAN

X1-WAN

X2-Phone LAN

X3-Another LAN

I would like to allow traffic across X0, X2 and X3 to flow, but for the life of me I cannot get it to work. Any guidance would be most appreciated.

Category: Firewall Management and Analytics

Best Answers

  • CORRECT ANSWER
    JAlkazian Newbie ✭
    Accepted Answer

    Config: NSA 2650

  • CORRECT ANSWER
    Saravanan Moderator
    Accepted Answer

    @JAlkazian - As per the capture, it seems that only the ping request is passing through the SonicWall from 10.3.63.212 to 10.3.64.57, and no responses were found. Disable any Windows Firewall or client AV on the destination computer to check if the issue resolves. Sometimes endpoint security prevents computers from responding to traffic coming from different subnets.

    In case the above step didn't address the issue, then the issue requires real-time assistance. Please feel free to approach our support team as per the link below for immediate assistance.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Answers

  • Saravanan Moderator

    Hi @JALKAZIAN,

    Welcome to SonicWall Community.

    You can achieve this by adding access rules on the SonicWall from X0 Main LAN to X2 Phone LAN and X3 Another LAN, and vice versa.

    Please refer to the KB article below for access rule creation.

    In case the access rules are already in place, we may need to run a packet capture on the firewall to trace the traffic between these interfaces and to rectify the issue. Please refer to the KB article below for packet monitor utilization.

    Let us know if you have questions. Hope this helps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • JAlkazian Newbie ✭

    Thank you for your prompt response. The link was to deny WAN to LAN but I need to allow LAN to LAN. I tried the following:


    Action - Allow

    From - LAN

    To - LAN

    Source Port - Any

    Service - Any

    Source - 63 network (10.3.63.0/255.255.255.0 which is X3)

    Destination - Any


    I set it up and still cannot ping from one PC to another, but I can ping the interface gateway IPs both ways.

    Thank you again

  • Saravanan Moderator

    Hi @JALKAZIAN,

    Yes, the rule looks right.

    Could you perform a packet capture on the SonicWall as shown below to trace the ping packets at the SonicWall level? You could also refer to the KB article provided in the previous comment for packet capture.

    Please click on System > Packet Monitor > Configure:

    - Settings tab: Disable all check boxes

    - Monitor Filter tab:

      * Check "Enable Bidirectional address and port matching"

      * Ether type: IP

      * IP Type: ICMP

      * Source IP: 10.3.63.x (List the IP address of the source computer where the ping is initiated from)

      * Destination IP: List the IP address of the recipient computer where the ping is destined to

      * Everything else clear

    - Display Filter tab: Everything clear, all boxes checked

    - Advanced Monitor Filter: Everything checked

    - Click OK, and Start Capture.

    Get the pings started on the source computer and click on the Refresh option in the packet monitor page to see the traffic.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • JAlkazian Newbie ✭

    Here is the capture

  • JAlkazian Newbie ✭

    The firewall was the issue. Thank you!
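
The accepted answer's test is to disable Windows Firewall on the destination computer. Where that test restores the ping replies, the following added example (not part of the thread) keeps the firewall enabled and allows ICMPv4 echo requests only from the other internal subnets. The rule name is hypothetical, and only 10.3.63.0/24 comes from the thread; the remaining LAN subnets are an assumption to fill in.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the destination PC that does not answer pings.
# Assumption: 10.3.63.0/24 is the X3 subnet quoted in the thread; append the
# X0 and X2 subnets that should also be allowed to ping this host.
$AllowedSubnets = @('10.3.63.0/24')
$RuleName = 'Allow ICMPv4 echo from internal LANs'   # hypothetical rule name

# 1. Which profiles are enabled, and what do they do with unmatched inbound traffic?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Existing enabled inbound ICMPv4 rules and the remote addresses they accept.
#    An echo rule scoped to 'LocalSubnet' would explain why same-subnet pings
#    work while pings routed in from another subnet get no reply.
Get-NetFirewallPortFilter |
    Where-Object Protocol -eq 'ICMPv4' |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        if ($rule.Direction -eq 'Inbound' -and $rule.Enabled -eq 'True') {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Action        = $rule.Action
                Profile       = $rule.Profile
                IcmpType      = $_.IcmpType -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    } | Format-Table -AutoSize

# 3. Create the scoped allow rule, or update its scope if it already exists.
#    ICMP type 8 is echo request; the rule applies to Domain and Private
#    profiles only, so a network classified as Public stays closed.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    $existing | Set-NetFirewallRule -RemoteAddress $AllowedSubnets -Enabled True
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $AllowedSubnets `
        -Profile Domain, Private | Out-Null
}
```

After the rule is in place, repeating the packet capture from the thread should show echo replies returning from the destination to the source.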
