Replacement Firewall gives me network access but workstations have no internet

I have a TZ215 that I am replacing with a TZ300. This is a remote site with a VPN tunnel being established with our NAS 2650 here at the home office. I pretty much copied and pasted all of the settings, but when we switched it over none of the workstations were getting internet. I can, however, use VNC to connect to the computers, and they can RDP into our terminal server at the home office. I spent a while trying to get it back together but had to give up and revert back to the old TZ215, which works as normal. I'll be addressing this again this weekend when production isn't going to be affected, but was wondering if there was anything I could look for when I check.

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @cravix I assume you have the correct Access Rules from LAN to WAN allowing traffic to pass? NAT and routing are set up properly?

    First diagnostics:

    • ping from firewall to 8.8.8.8 works?
    • ping from firewall to www.google.com works?
    • ping from endpoint to 8.8.8.8 works?
    • ping from endpoint to www.google.com works?

    These should give you some hint if it's routing or DNS related, assuming you allow ping from LAN to WAN.

    This is really Firewall 101 territory.

    --Michael@BWC

  • cravix Newbie ✭

    I checked that there are rules in place for LAN to WAN.

    It won't ping google.com or 8.8.8.8 (workstation).

    I didn't try pinging from the firewall. Where is that on the TZ300?

  • BWC Cybersecurity Overlord ✭✭✭

    You can find the ping on Investigate -> System Diagnostics.

    I assume your endpoints have the correct default gateway configured?

    Check the routing table on the firewall; it should list something like Source: Any, Destination: 0.0.0.0/0 to the proper gateway. Make sure there is no route which intercepts the WAN-destined traffic.

    The NAT rule which is needed should be like SRC: Any/X1 IP, DST: Any/Original and Interface: X0 to X1.

    Firewall-wise these are default settings.

    If you have a running VPN tunnel, I guess WAN connectivity is fine.

    --Michael@BWC

  • Ajishlal All-Knowing Sage ✭✭✭✭

    @cravix

    If there are any L2 network switches in between the workstations and the SonicWall, restart those switches or connect one of the workstations directly to the SonicWall LAN interface and try.

  • Larry All-Knowing Sage ✭✭✭✭

    @cravix - similar to what @Ajishlal suggested, I always make it a practice to reboot the site's ISP modem and then start up the new firewall.

  • cravix Newbie ✭

    I had the WAN interface set as X2, and it looks like X1 was the default WAN in the LB. Once I switched all that, the devices got internet.
