Default Gateway value possibly causing problem with website access?
JBarrie4
Newbie ✭
We host a website behind a TZ370. When accessing the site from the WAN side, it frequently times out on the first attempt, only to load correctly right after. At first I thought it was a DNS issue, but that seems to be set up properly. The only anomaly I can see in the firewall setup is that the value of the Default Gateway address object is wrong (and can't be changed - it's a value carried over from a prior ISP). The LAN is on X1 and the default gateway value for X1 is correct. I want to know if the general Default Gateway value being wrong could possibly be causing the weird behaviour when accessing the website (and if so, how can I change it?). Thanks for any help you experts can give me!
Category: Entry Level Firewalls
Tagged:
0
Comments
The content of the default gateway object is determined by the interface settings; that's why it's not directly editable.
It's not normal to have a default gateway on a LAN interface, so what is it for?
Arkwright - when I go to Network → Interfaces, and click the Edit icon there when I hover over the X1 interface (which is the LAN), there's a value for Default Gateway shown in the window that opens, which is the correct value for the current connection. I'm not sure how it got there, but it's there. Should I remove that? Also, why would the default gateway object have the value of the default gateway from a prior connection that we're not using at the moment (and is that likely to cause problems?). Thanks for the help.
Like I said, it's not normal [by which I mean, necessary in a flat LAN topology] to fill in the default gateway on a LAN interface. If you don't know why it's there, try removing it. If you're on site then you shouldn't have any problem getting back in to the firewall if it turns out that this was a mistake.
What "prior connection"? Ask whoever set it up.
I will try removing the default gateway on the X1 interface in the next couple of days. The LAN is serving a retail store, so I can't risk messing things up on Black Friday, or on a Saturday.
On the prior connection issue - we used to have a Spectrum cable connection to the WAN, but now we have a Frontier fiber connection. All ip addresses related to the WAN are correct for the Frontier connection, except for the default gateway address object, which still has the value for the Spectrum connection. The TZ370 is an upgrade from a TZ300, and the configuration was imported from that (after converting it in the SonicWall online tool), so possibly the wrong default gateway came with that? That said, the TZ300 was using the Frontier connection when the configuration was exported from that. The TZ300 was an upgrade from a TZ200, with the configuration being updated from that (at which time the Spectrum connection was being used). There was probably a firewall before the TZ200, but I wasn't around for that. Whoever originally set things up is long gone, so I can't make inquiries there.
OK, that's a plausible explanation.
If you know you have flat network LAN-side then the default gateway setting on the LAN interface is unnecessary.