Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ210 problem getting traffic to pass through X2 interface

We've recently acquired a site that is using an older TZ210. I've connected the X2 interface, which is in the LAN zone, to our network (Cisco switch) however I cannot get traffic to pass over it. I only get a cryptic Enforced Firewall Rule message. I can ping the Cisco IP from the Sonicwall but pings from the Cisco interface to the Sonicwall fail. Below is a packet capture of the failure. The KB article on Enforced Firewall Rule failures didn't provide much insight and I'm not seeing anything in the debug logs. Also to note, this works fine at a 2nd site we acquired using an even older TZ200.


*Packet number: 1*

Header Values:

 Bytes captured: 114, Actual Bytes on the wire: 114

Packet Info(Time:09/08/2021 15:56:07.528):

 in:X2*(interface), out:--, DROPPED, Drop Code: 40(Enforced firewall rule), Module Id: 25(network), (Ref.Id: _5473_txGsIboemfJqQlu), 0:0)

Ethernet Header

 Ether Type: IP(0x800), Src=[60:73:5c:f0:30:41], Dst=[00:17:c5:af:96:de]

IP Packet Header

 IP Type: ICMP(0x1), Src=[10.15.0.77], Dst=[10.15.0.78]

ICMP Packet Header

 ICMP Type = 8(ECHO_REQUEST), ICMP Code = 0, ICMP Checksum = 20536

Value:[0]

Hex and ASCII dump of the packet:

 0017c5af 96de6073 5cf03041 08004500 00640007 0000ff01 *......`s\.0A..E..d......*

 a6d90a0f 004d0a0f 004e0800 50380002 00000000 0000000b *.....M...N..P8..........*

 2e05abcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd *........................*

 abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd *........................*

 abcdabcd abcdabcd abcdabcd abcdabcd abcd             *..................     *

Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    TomGTomG Newbie ✭
    Accepted Answer

    Thanks. I actually just found the problem a little bit ago. I found an article that indicated at least one option for Management had to be active on the interface for it to accept traffic. Doesn't make any sense to me since it's never going to be used for Management but checking those options on the interface did start allowing traffic to pass.

Answers

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    How is the X2 interface configured, as a bridge? as a portsheild interface? what do your access rules look like? you haven't provided us much info.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    For clarification, without enabling the Ping option under Management on the interface you won't get replies to pings. No management option should need to be enabled for the interface to pass other traffic.

Sign In or Register to comment.