Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NSA2700 to TZ270 Tunnel Interface dropping SNMP


PRTG Monitor server ts 10.0.1.50 going across a tunnel interface to the TZ270 10.10.11.5 at a remote site for SNMP data.

I've already tested access rules on both sites LAN>VPN and VPN>LAN allow all (just for testing) with no change

I've also enabled the SNMP slider on X0 and the VPN Interface


Ethernet Header

Ether Type: IP(0x800), Src=[00:01:5c:80:cc:46], Dst=[2e:b8:ed:d9:52:e1]

IP Packet Header

IP Type: UDP(0x11), Src=[10.0.1.50], Dst=[10.10.11.5]

UDP Packet Header

Src=[53295], Dst=[161], Checksum=0x7778, Message Length=49 bytes

Application Header

Snmp:

Value:[1]

DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2728_qpmjdzDifdl) 1:2)

Category: Mid Range Firewalls
Reply

Answers

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Does the VPN-> LAN access rule for this traffic have "Allow Management Traffic" ticked on it?

    I think I had a similar issue and the fix was creating a route policy with a source of Any and a destination of the PRTG server. This was a stupid fix because there was already a more general route that should have matched this.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Also have this issue with HA firewalls. Had to add route policies with a source of "HF Backup X2 IP" and "HF Primary X2 IP" in order to be able to use the additional management addresses. Gen6 "Just Worked" in this regard, no need for apparently redundant routes.

  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    maybe something to look at unless its already set.



Sign In or Register to comment.