Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Sonicpoints

djhurt1djhurt1 Enthusiast ✭✭
in High End Firewalls

Sonicpoint clients receive our internal DNS address and can ping that address fine so a routing issue doesn't appear to be the cause. However, non domain joined devices can't resolve local names. Domain joined devices can. I considered something was up with our DNS regarding non domain joined devices however I can resolve names on the wired network behind the sonicwall with a non domain joined PC fine. Is there anything regarding the sonicwall to cause this behavior? It's only affecting our wireless clients.

Category: High End Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    SaravananSaravanan Moderator
    Answer ✓

    Hi @DJHURT1,

    Thank you for visiting SonicWall Community.

    If the non domain clients can resolve domain names using your internal DNS server, then we should perform a packet capture on the SonicWall to trace the DNS and PING traffics. Packet monitor tool on the SonicWall can give us a clue of where the packet drop happens.

    https://www.sonicwall.com/support/contact-support/

    Please give this a shot and update me.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Answers

  • djhurt1djhurt1 Enthusiast ✭✭
    edited March 2021

    Below is what I saw that looks suspicious possibly. I used my phone and did repeated DNS lookups. However the Src 2c:b8:ed:4f:09:da is not my phones MAC but the Ip address is what my phone currently had for an address.


    Ethernet Header

     Ether Type: VLAN ID = 500, Priority = 0

     Ether Type: IP(0x800), Src=[2c:b8:ed:4f:09:da], Dst=[c2:ea:e4:cc:3a:ab]

    IP Packet Header

     IP Type: UDP(0x11), Src=[10.44.6.50], Dst=[10.44.6.1]

    UDP Packet Header

     Src=[25554], Dst=[53], Checksum=0x44cc, Message Length=48 bytes

    Application Header

     DNS: 

    Value:[1]

    DROPPED, Drop Code: 726(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2251_rqnke{Ejgem) 1:4)

  • SaravananSaravanan Moderator

    Hi @DJHURT1,

    I guess, the packet is dropped by the SonicWall because of access rule not allowed. You can check for the Src MAC address in the ARP section on the SonicWall to find out which device it belongs to. The MAC address keep changes every hop, so we may not see the right MAC address if there are hops in between. Please check the MAC or ARP table on the SonicWall and let me know if you can narrow down.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.