Packet monitor and traffic between firewall zones
Hi.
I am a newbie to SonicWall and am having a problem that seems very basic, but I cannot figure it out. I am setting up a new zone and VLAN and trying to ping the IP address of that VLAN from another VLAN in the LAN zone. I have ping enabled on the new VLAN. My pings are failing. The thing I am struggling with is troubleshooting the problem. I expected to see that the traffic is being blocked and that I need a rule to allow it. I figured I should be able to identify that by running packet monitor. I do not see any related traffic in the captured packets. I have encountered the same kind of thing before when troubleshooting other issues. Obviously I am missing something. I'd appreciate any guidance. I am happy to learn on my own if someone can point me in the right direction.
FYI: we have 2 firewalls, an NSa 4650 (6.5.4.7) and a TZ 470 (7.?). I experience the behavior on both firewalls.
Thanks for your help
Brent
Best Answer
preston
Hi bwilhelm, you need to be more specific in the Monitor filter; otherwise the buffer will be full straight away. Then use the Display filter like you would use the filter in Wireshark (i.e., if you just want to see the dropped packets out of all the packets you have captured).
You don't need all that stuff enabled in the Advanced Monitor Filter. You may also need to untick Exclude Management Traffic in the Settings tab to see it in the capture, as a ping to an interface is classed as management traffic.
Just set it like below, but put the interface IP you are trying to ping in the Destination IP section.
Answers
Hi @bwilhelm, if you are trying to ping the SonicWall interface from one zone to another, you need to create a rule.
For example, if you are on the LAN and you want to ping the interface on zone LAN2,
you would need to create a firewall rule from LAN to LAN2, destination = LAN2 interface IP, service PING, Allow.
It is not enabled by default as it is classed as management traffic.
Even if you have a LAN to LAN2 ANY ANY rule, you could enable management within that rule, but I would advise against that as it opens all the management traffic to the interface: HTTPS, SSH & ping.
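As an added illustration (not SonicWall code and not from this thread), a small Python model of the two points preston makes: a ping to a firewall interface IP is management traffic, so leaving Exclude Management Traffic ticked keeps it out of the capture, and an ANY/ANY rule does not allow it unless management is enabled on that rule or a specific PING rule exists. The interface address and the set of management services are assumed values.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed, hypothetical addresses and services (not from the thread).
LAN2_IF = "10.10.20.1"    # the firewall's interface IP on the new LAN2 VLAN
INTERFACE_IPS = {LAN2_IF}
MGMT_SERVICES = {"PING", "HTTPS", "SSH"}  # services the firewall treats as management

@dataclass
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    service: str

@dataclass
class Rule:
    src_zone: str
    dst_zone: str
    dst_ip: Optional[str]           # None means "any destination"
    service: str                    # "ANY" or a specific service such as "PING"
    action: str                     # "Allow" or "Deny"
    allow_management: bool = False  # the per-rule "enable management" option

def is_management(pkt):
    """Traffic to a firewall interface IP on a management service (ping included)."""
    return pkt.dst_ip in INTERFACE_IPS and pkt.service in MGMT_SERVICES

def evaluate(pkt, rules):
    """First matching rule wins; no match drops. ANY/ANY skips management traffic unless enabled."""
    for r in rules:
        if (r.src_zone, r.dst_zone) != (pkt.src_zone, pkt.dst_zone):
            continue
        if r.dst_ip not in (None, pkt.dst_ip) or r.service not in ("ANY", pkt.service):
            continue
        if is_management(pkt) and r.service == "ANY" and not r.allow_management:
            continue
        return r.action
    return "Drop"

def packet_monitor(pkts, rules, dst_ip=None, exclude_management=True):
    """Capture model: monitor filter narrows by destination IP; 'Exclude Management Traffic' hides management packets."""
    captured = []
    for p in pkts:
        if dst_ip is not None and p.dst_ip != dst_ip:
            continue
        if exclude_management and is_management(p):
            continue  # this is why the failing ping never appeared in the capture
        captured.append((p, evaluate(p, rules)))
    return captured
```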
Hi @preston, OK, that makes sense. I am trying to get a better handle on troubleshooting. I would have expected my ping attempts to show up in packet monitor. Is this something I should expect to see? Should all traffic show when running the packet monitor? My packet monitor options are included below.
I have added the rule you suggested and am still not able to ping the IP address.
I have a lot of background in servers, virtualization and storage. My new role includes network and firewall management. I inherited my current environment. I am 99% sure I have the networking side of this new vlan taken care of and that my problem lies in the firewall, but am looking for some indication of the problem.
Thanks
@preston
Thank you, thank you. I now see the dropped traffic. I knew it had to be something dumb I was doing. It is the little things.
Brent