Replacement Firewall gives me network access but workstations have no internet
I have a tz215 that I am replacing with a tz300; this is a remote site with a VPN tunnel being established with our NAS 2650 here at the home office. I pretty much copied and pasted all of the settings, but when we switched it over none of the workstations are getting internet. I can, however, use VNC to connect to the computers and they can RDP into our terminal server at the home office. I spent a while trying to get it back together but had to give up and revert back to the old tz215, which works as normal. I'll be addressing this again this weekend when production isn't going to be affected, but was wondering if there was anything I could look for when I check.
@cravix I assume you have the correct Access rules from LAN to WAN allowing traffic to pass? NAT and routing are set up properly?
These should give you some hint if it's routing or DNS related, assuming you allow ping from LAN to WAN.
This is really Firewall 101 territory.
I checked that there are rules in place for LAN to WAN.
It won't ping google.com or 18.104.22.168 (workstation).
I didn't try pinging from the firewall; where is that on the tz300?
You can find the ping on Investigate -> System Diagnostics.
I assume your endpoints have the correct default gateway configured?
Check the routing table on the firewall; it should list something like Source: Any, Destination: 0.0.0.0/0 to the proper gateway. Make sure there is no route which intercepts the WAN-destined traffic.
The NAT Rule which is needed should be like SRC: Any/X1 IP, DST: Any/Original and Interface: X0 to X1.
Firewall-wise these are default settings.
If you have a running VPN Tunnel I guess WAN connectivity is fine.
If there are any L2 network switches in between the workstation & the Sonicwall, restart those switches or connect one of the workstations directly to the Sonicwall LAN interface and try.
@cravix - similar to what @Ajishlal suggested, I always make it a practice to reboot the site's ISP modem and then start up the new firewall.
I had the wan interface set as x2, and it looks like X1 was the default wan in the LB. Once I switched all that the devices got internet.