Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

6.5.4.5 - X1 cannot be unassigned

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

at one deployment I'am running WAN interfaces X2 and X9 and the X1 got decommisisioned and I would like to set it from WAN zone to unassigned for the time being.

FLB has X2 and X9 as members, but whenver I try to unassign X1 from the WAN zone the message "Error: One WAN interface must be selected for Failover & LB Group" pops up, which is just wrong because X2 and X9 is in there and X1 not.

Is this a known bug?

--Michael@BWC

Category: Mid Range Firewalls
Reply

Best Answer

Answers

  • RedNetRedNet Newbie ✭

    I was always under the impression that the X1, like the X0 is to LAN, was fixed to WAN.

    Not sure why for X1 but for X0 they seem to tie any mgmt type traffic (like the source of pings or ldap requests) to source from the X0 IP.... I assumed it was something similar for X1.

    Could be mistaken but I believe they mentioned this on one of the SW university courses.

  • shiprasahu93shiprasahu93 Moderator

    @RedNet,

    Yes, we had similar restrictions for X1 interface for quite some time. But I think that was for Gen 5 and Gen 6 on 6.2.x versions.

    Since 6.5, other than X0 interface, all others are free to be unassigned and configured on any available zones.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi all,

    IPv6 (always forgetting about it) was the right direction to look at. Maybe X1 was locked to WAN in the past, but it must be ages ago, even on a Gen5 I can unassign X1.

    Note to my future me: Check IPv6 too, even you don't use it actively :)

    --Michael@BWC

  • shiprasahu93shiprasahu93 Moderator

    Michael@BWC,

    Since 6.5.3.x, enable IPv6 is a global option under Manage | Appliance | Base settings -> 'Enable IPv6'. If you are not using IPv6 on the firewall, I would suggest keeping this option disabled.

    I have been in those situations a few times now 😄. So as soon as you mentioned that error, could recall what it might be.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @shiprasahu93

    disabling IPv6 will not do the trick. I still need to configure FLB for IPv6, tested it a second ago with 6.5.4.6.

    Disabling IPv6 does not make IPv6 disappear what might be expected, according to the documentation it just forces the Firewall to drop IPv6: "When IPv6 is disabled, all IPv6 packets are dropped by the firewall and the INVESTIGATE | Tools > Packet Monitor page displays the log messages.". Which renders the meaningfullness of this option, let's debateable.

    But future me is prepared, no worries :)

    --Michael@BWC

  • shiprasahu93shiprasahu93 Moderator

    Michael@BWC,

    It's actually more useful for the unnecessary access rules and NAT policies. But, glad that this one is sorted out!

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.