Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ400W fails to obtain IP address from FIOS router

After 3 generations of sonicwall firewalls worked connected to a cable modem i installed FIOS home service and am attempting to run my TZ400W in the DMZ of the G3100 router.

i cannot get WAN on the X1 to acquire and IP address from the FIOS DHCP server when connected to an ethernet port on the G3100 router.

works fine when i connect a laptop directly to the g3100 and TZ400 continues to work fine connected to cable modem

have followed all the troubleshooting steps in the WAN connectivity trouble shooting guide except MAC cloning which i can't see helping . even tried different browsers to access management interface and different wiring configurations from G3100 to X1 port

i even tried setting up a static IP address on the G3100 and using static IP as the WAN access on the G3100


it seems others have success doing this any suggestions??

Category: Mid Range Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    MichaelAMichaelA Newbie ✭
    Accepted Answer

    Solution found - in the end a Newbie mistake - i had a gateway IP conflict with one of my guest networks. changing that guest network gateway's IP solved the problem. It was @BWC suggestion to use the packet monitor on UDP 67,68 to watch DHCP traffic that led me to RPF check failed which led me to investigate routing policies which led me to trace network paths which led me to the problem.

    thank you for the help

Answers

  • Hello @MichaelA - I just put one of our NSA firewalls on a cable modem at my home office for the first time, a new ISP for me. I first connected a PC, and then over a week later tried to get the FW WAN to get a lease. It did not, after an hour or two. I simply powered down the cable modem for 30 seconds, unplugged the WAN cable from the SonicWall, let the modem finish coming back up, and then connected it again. It immediately got a lease and has been online since then w/out issue.

    WAN Mode: NAT with DHCP Client Value  : 3    

    WAN Mode State: Connected Value  : 3    

    DHCP CLIENT on port       : X1

    active             : 1 

    DHCP Server ID         : 66.214.200.1

    Lease Origin          : 12/18/2020 14:07:45

    Lease Duration         : 480 Minutes

    Lease Expires          : 12/18/2020 22:07:45

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @MichaelA

    I always recommend running a Packet-Monitor for UDP 67,68 on that specific Interface (X1) to see what's going on. You should have a Wireshark near you for futher analaysis. But if your G3100 isn't offering anything you know where to look.

    --Michael@BWC

  • AjishlalAjishlal Cybersecurity Overlord ✭✭✭

    Hi @MichaelA ,

    Try to adjust the X1 duplex mode;


  • MichaelAMichaelA Newbie ✭

    Thank you everyone for rapid responses.

    I tried the 2 'easy' fixes first, cycling the G3100 power and adjusting the link speed. Neither seemed to help.

    When i set up a packet monitor on the X1 port i found 2 packets that looked interesting :

    The first packet looks like the G3100 trying to send DHCP information to my TZ400. (the Src and Dst MAC addresses match the G3100 and the TZ400 and the IP adresses match the G3100 and the static IP the DHCP in the G3100 created for the TZ400) but that packet is dropped due to 'RPF check failed'

    i assume the 2nd packet is my TZ400 trying to ask for an IP address

    will continue to search if there are ways to tell the TZ400 that the Reverse Path it is seeing is ok maybe with a static route policy

    any advice would be most welcome

    Ethernet Header

     Ether Type: IP(0x800), Src=[b8:f8:53:xx:xx:xx], Dst=[18:b1:69:xx:xx:xx]

    IP Packet Header

     IP Type: UDP(0x11), Src=[192.168.1.1], Dst=[192.168.1.222]

    UDP Packet Header

     Src=[67], Dst=[68], Checksum=0x98f6, Message Length=341 bytes

    Application Header

     BOOTP: 

    Value:[0]

    DROPPED, Drop Code: 241(DHCP server packet dropped, RPF check failed.), Module Id: 19(ipHelper), (Ref.Id: _1383_xcnkfcvgFjerUgtxgtRmvu) 1:1)


    Ethernet Header

     Ether Type: IP(0x800), Src=[18:b1:69:xx:xx:xx], Dst=[ff:ff:ff:ff:ff:ff]

    IP Packet Header

     IP Type: UDP(0x11), Src=[0.0.0.0], Dst=[255.255.255.255]

    UDP Packet Header

     Src=[68], Dst=[67], Checksum=0x5375, Message Length=272 bytes

    Application Header

     BOOTP: 

    Value:[0]

    Generated (Sent Out) 0:0)

Sign In or Register to comment.