
NSA2700 to TZ270 Tunnel Interface dropping SNMP


PRTG Monitor server at 10.0.1.50 going across a tunnel interface to the TZ270 10.10.11.5 at a remote site for SNMP data.

I've already tested access rules on both sites LAN>VPN and VPN>LAN allow all (just for testing) with no change.

I've also enabled the SNMP slider on X0 and the VPN Interface.


Ethernet Header

Ether Type: IP(0x800), Src=[00:01:5c:80:cc:46], Dst=[2e:b8:ed:d9:52:e1]

IP Packet Header

IP Type: UDP(0x11), Src=[10.0.1.50], Dst=[10.10.11.5]

UDP Packet Header

Src=[53295], Dst=[161], Checksum=0x7778, Message Length=49 bytes

Application Header

Snmp:

Value:[1]

DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2728_qpmjdzDifdl) 1:2)

Category: Mid Range Firewalls

Answers

  • Arkwright Community Legend ✭✭✭✭✭

    Does the VPN -> LAN access rule for this traffic have "Allow Management Traffic" ticked on it?

    I think I had a similar issue and the fix was creating a route policy with a source of Any and a destination of the PRTG server. This was a stupid fix because there was already a more general route that should have matched this.

  • Arkwright Community Legend ✭✭✭✭✭

    Also have this issue with HA firewalls. Had to add route policies with a source of "HF Backup X2 IP" and "HF Primary X2 IP" in order to be able to use the additional management addresses. Gen6 "Just Worked" in this regard, no need for apparently redundant routes.

  • MarkD Cybersecurity Overlord ✭✭✭

    Maybe something to look at unless it's already set.
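
Added example (not written by the thread's participants or by SonicWall): when a packet monitor export holds many records like the one quoted in the question, this Python script extracts every DROPPED record and counts policy-module drops per flow, showing which source/destination/port combinations need an access rule or route policy review. It assumes the export follows the text layout quoted in the question; the sample input and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout quoted in the question. The first record is
# the question's packet; the second (no DROPPED line) is invented for contrast.
SAMPLE = """\
IP Type: UDP(0x11), Src=[10.0.1.50], Dst=[10.10.11.5]
Src=[53295], Dst=[161], Checksum=0x7778, Message Length=49 bytes
DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2728_qpmjdzDifdl) 1:2)
IP Type: UDP(0x11), Src=[10.0.1.50], Dst=[10.10.11.9]
Src=[53296], Dst=[53], Checksum=0x1111, Message Length=40 bytes
"""

IP_RE = re.compile(r"IP Type: (\w+)\(0x[0-9a-fA-F]+\), Src=\[([\d.]+)\], Dst=\[([\d.]+)\]")
PORT_RE = re.compile(r"^Src=\[(\d+)\], Dst=\[(\d+)\]")
DROP_RE = re.compile(r"DROPPED, Drop Code: (\d+)\((.*?)\), Module Id: (\d+)\((\w+)\)")


def parse_drops(text):
    """Return one dict per packet record that carries a DROPPED line."""
    drops, cur = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := IP_RE.search(line):
            # An "IP Type" line starts a new packet record.
            cur = {"proto": m[1], "src": m[2], "dst": m[3]}
        elif m := PORT_RE.match(line):
            cur.update(sport=int(m[1]), dport=int(m[2]))
        elif m := DROP_RE.search(line):
            drops.append({**cur, "code": int(m[1]), "reason": m[2],
                          "module_id": int(m[3]), "module": m[4]})
            cur = {}
    return drops


def policy_drops_by_flow(drops):
    """Count policy-module drops per (src, dst, proto, dport)."""
    return Counter((d.get("src"), d.get("dst"), d.get("proto"), d.get("dport"))
                   for d in drops if d["module"] == "policy")


if __name__ == "__main__":
    for flow, count in policy_drops_by_flow(parse_drops(SAMPLE)).most_common():
        src, dst, proto, dport = flow
        print(f"{count} policy drop(s): {src} -> {dst} {proto}/{dport}")
```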


