Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


NSA2700 to TZ270 Tunnel Interface dropping SNMP

PRTG Monitor server ts going across a tunnel interface to the TZ270 at a remote site for SNMP data.

I've already tested access rules on both sites LAN>VPN and VPN>LAN allow all (just for testing) with no change

I've also enabled the SNMP slider on X0 and the VPN Interface

Ethernet Header

Ether Type: IP(0x800), Src=[00:01:5c:80:cc:46], Dst=[2e:b8:ed:d9:52:e1]

IP Packet Header

IP Type: UDP(0x11), Src=[], Dst=[]

UDP Packet Header

Src=[53295], Dst=[161], Checksum=0x7778, Message Length=49 bytes

Application Header



DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2728_qpmjdzDifdl) 1:2)

Category: Mid Range Firewalls


  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Does the VPN-> LAN access rule for this traffic have "Allow Management Traffic" ticked on it?

    I think I had a similar issue and the fix was creating a route policy with a source of Any and a destination of the PRTG server. This was a stupid fix because there was already a more general route that should have matched this.

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Also have this issue with HA firewalls. Had to add route policies with a source of "HF Backup X2 IP" and "HF Primary X2 IP" in order to be able to use the additional management addresses. Gen6 "Just Worked" in this regard, no need for apparently redundant routes.

  • Options
    MarkDMarkD Cybersecurity Overlord ✭✭✭

    maybe something to look at unless its already set.

Sign In or Register to comment.