Access management over VPN.
Storch
Newbie ✭
Hello, we have two sites connected to each other over a standard vpn connection. SonicWalls on both sides. The problem I am having is trying to access the management interface to the other SonicWall through the vpn the tunnel. When I do I get, “err1: policy not found for packet on Zones(VPN -> LAN)” in the log.
I have tried adding an Access Rule that is VPN -> LAN allowing Any source to All X0 Management IP for any service and I still can’t connect to the management interface. The only way I have been managing it is over the WAN interface which is incredible undesirable. I can ping it and have full port access to any device on the LAN on the other side and have enabled Management over HTTPS in every location I can find. What am I missing?
Answers
Hi @Storch
I know you said you enabled mgmt over HTTPS in every location - but can you double check on the VPN policy under the Advanced tab if "MANAGEMENT VIA THIS SA' is enabled for HTTPS? (Both sides or on destination side)
I have this enabled on the other side, and I didn't think I about make any changes on this side. But no, making the change did not work and I am still getting the same message in the log on the other side.
Thank you for the suggestion.
@Storch thanks for the update. Instead of the service being any in the access rule, we need to make it specific - Can you add the service object called HTTPS management and try?
On Destination firewall:
VPN to LAN
Src: Any
Dst: All X0 Management IP
Service: HTTPS Management
Hi Tonya, thanks. I should have added this to the original question.
I have tried this. I even moved the rule to priority to be #1. I also tried adding a specific rule of my local, static IP as the source. When I telnet into it on 443 and GET it immedetly hangs up on me and says, "Connection closed by foreign host." All of this is why I am stymied.
@Storch
That is odd forsure. Check the statistics to see if the rule is being hit.
There should be an auto created rule when you enabled that https over this SA option enabled - can you check if its also there?
If it still doesnt work, please create a ticket with support and we will take a deeper look into it. Once created, please DM the ticket number as I would like to follow it.
Hi Tonya. Well, this was weird.
I was changing my custom VPN -> LAN rule priority back from Manual back to Auto Priority and at first it would not save and would go back to Manual. I did this three times. On the third time, it reset the in/out traffic, finally kept the Auto setting, and moved the priority down to where I thought it should be. After this, I tested connecting to it just to see what would happen and sure enough, it’s working now. I made no changes other than this. I’m going to update the firmware just to be safe. But as it stands now, it’s working. Strange but at least I can manage it through the VPN.
I appreciate all you help with this and validating the changes I was making made sense.
-Cheers!