Static route not working
thethakuri
Newbie ✭
I have setup a static route for traffic coming from X0 (ingress) to go out to X6 (egress) for a particular subnet (172.24.78.0). It was working but it stopped working recently. I did a packet capture and it is forwarding the packet to X0 itself and not X6.
System Information
Model: TZ 400
Firmware Version: SonicOS Enhanced 6.5.4.4-44n
Safemode Version: SafeMode 6.2.3.8
ROM Version: SonicROM 5.6.1.0
Category: Mid Range Firewalls
0
Answers
Hello @thethakuri ,
Could you please check on the packets what is the destination MAC address and what device is that associated with?
Also, you can use the 'Find Network Path' under the Investigate | Diagnostics | Diagnostic tool to check why the packets are sent across X0.
Have you recently made any configuration changes like adding static ARPs? If yes. what static ARPs are added?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @shiprasahu93 ,
Thanks for replying.
The destination MAC address is the SonicWall unit itself.
I tried to Find Network Path to a host in 172.24.78.0 subnet, but it selecting wan interface (X5) and not the specifed interface in static routing (X6).
172.24.78.19 is located on the X5
It is reached through the router at [public ip address]
I have not made any changes to the configuration or added any static arp.
Regards
@thethakuri,
Is this happening for all networks that you have mentioned in the destination of the route or particularly for this one?
Also, what exactly is connected on X6? Is there any network probe set on the static route?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93
Yes, its seems SonicWall is simply not routing any traffic to X6 interface.
Find Network Path tool just looks for traffic originating from the firewall and not the subnet that I want.
Okay, on the other end of X6 is a Fortinet router with 172.24.78.0 subnet.
I tried testing network probe on the static route but it would just fail (red).
Regards
@thethakuri,
So basically the network probe is down due to which the firewall has probably removed this static route from its routing table.
Is the probe set to something that is directly reachable from the firewall at all times? Can you disable the network probe just for testing and check if that solves this issue?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93
No, I just created a network probe for testing which in turn removed this route as you've mentioned. I have removed the probe since and the route is up.
Do you think it can be hardware issue as I'm pretty much lost? Is there any other ways to diagnose?
@thethakuri,
You can upgrade to the latest general release firmware 6.5.4.7-83n and test. But, I do not think this could be a hardware issue.
You can reach out to SonicWall support for further investigation.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93
Can I upgrade to the latest firmware without loosing the configuration? Also, how can I get access to the firmware?
Regards
@thethakuri ,
Yes, certainly. Kindly take a look at the below KB for all the steps.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Thanks @shiprasahu93 , the latest firmware I found is 6.5.4.8-89n. Is it okay to directly upgrade from 6.5.4.4-44n to 6.5.4.8-89n?
@thethakuri,
I would suggest upgrading to 6.5.4.7-83n as that is the latest general release and the most stable.
You can directly upgrade to 6.5.4.7-83n.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Thanks @shiprasahu93 , I did the firmware upgrade but the issue is still there. Also, my support has expired. Do you know if I can get one-off support without buying the whole subscription? We will be retiring this device in the near future.
The problem definently seems to be with the device itself. I can't even ping or traceroute the lan IP address.