Sonicwall DNS Mysonicwall issue

We are currently using a different setup at 3 sites with a layer 2 point-to-point circuit.

With this, at our main site I have an NSA2700 and at the remote sites a TZ470 or TZ370.

On the NSA2700 we are using X4 and a private IP, 10.10.10.1.

On the remote sites, for example, for the X1 (WAN) we are using private 10.10.10.4 (different for each site).

Everything works great; we use internal DNS, which works perfectly, and the tunnel works and has been up for a couple of months.

The issue I've been playing with is that you can't register the device by signing into MySonicWall because it seems to want to use the X1 interface and it can't resolve the DNS over it. (DNS works fine over X0 and the tunnel.)

Any ideas? Can you force the SonicWall registration to work over the VPN tunnel? I've been looking and can't find a way.


Thanks

Category: Entry Level Firewalls

Answers

  • MitatOnge Cybersecurity Overlord ✭✭✭

    Hi @IT346 ,


    You should change the backend server interface in /Device/Settings/Administration/Management/BACKEND SERVER COMMUNICATION.


  • IT346 Newbie ✭

    Thank you. I'll try that.

  • TKWITS Community Legend ✭✭✭✭✭
    edited February 18

    Did you not set a DNS server on the TZs' X1 interface? If not, why not? If so, you have to determine why it's not receiving a DNS response.

    You never explained how the internet is connected to your setup. I am guessing it is on the NSA's X1 interface, and you are simply using the TZs as routers.

    @MitatOnge's answer may not apply as you ARE using the X1 interface on the TZs.

  • IT346 Newbie ✭

    On one side of the layer 2 circuit I have an NSA 2700. X4 is configured as 10.10.10.1 and using internal DNS.

    On the other side (I have 5 places in total but will only use one for reference), on the TZ, X0 is for the site's internal DHCP/DNS etc. and X1 is configured as 10.10.10.2 and using internal DNS at the main location. I have an IPSec tunnel using a tunnel interface and all the routing seems good. I can reach the internet, internal servers, cloud services, etc. The only thing that is not resolving that I can find so far is the following.

    www.mysonicwall.com and lm2.sonicwall.com

    Strange that webcfs08.global.sonicwall.com resolves fine.

    I think the issue is mysonicwall.com and lm2.sonicwall.com seem to be trying to go over the X1 interface and not the VPN tunnel.


    Thanks

  • TKWITS Community Legend ✭✭✭✭✭
    edited February 22

    None of that explained what I was inquiring about since it was pretty much a regurgitation of your original post...

    SonicWalls expect X1 to be connected to an internet circuit with a public IP address and public DNS connectivity (or at the very least X1 has connectivity to the internet via double NAT, static routing, etc.). Since you are using a VPN tunnel over a private circuit for internet connectivity to your client devices behind the TZ, rather than simply routing the traffic, then the X1 interface on the TZ series does not have ANY connectivity to the internet.

    To resolve this you have to allow traffic on the 10.10.10.x subnet to route to the internet directly and NOT through a VPN tunnel.

  • IT346 Newbie ✭

    Thank you. That makes sense.
