Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Access management over VPN.

StorchStorch Newbie ✭
in Mid Range Firewalls

Hello, we have two sites connected to each other over a standard vpn connection. SonicWalls on both sides. The problem I am having is trying to access the management interface to the other SonicWall through the vpn the tunnel. When I do I get, “err1: policy not found for packet on Zones(VPN -> LAN)” in the log. 

I have tried adding an Access Rule that is VPN -> LAN allowing Any source to All X0 Management IP for any service and I still can’t connect to the management interface. The only way I have been managing it is over the WAN interface which is incredible undesirable. I can ping it and have full port access to any device on the LAN on the other side and have enabled Management over HTTPS in every location I can find. What am I missing?  

Category: Mid Range Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    TonyATonyA SonicWall Employee
    Answer ✓

    Hi @Storch

    That's great to hear. If it happens again even with the latest firmware version, give support a call and we can look into it.

    I'm glad its working now!

Answers

  • TonyATonyA SonicWall Employee

    Hi @Storch

    I know you said you enabled mgmt over HTTPS in every location - but can you double check on the VPN policy under the Advanced tab if "MANAGEMENT VIA THIS SA' is enabled for HTTPS? (Both sides or on destination side)

  • StorchStorch Newbie ✭
    edited October 2023

    I have this enabled on the other side, and I didn't think I about make any changes on this side. But no, making the change did not work and I am still getting the same message in the log on the other side.

    Thank you for the suggestion.

  • StorchStorch Newbie ✭


  • TonyATonyA SonicWall Employee

    @Storch thanks for the update. Instead of the service being any in the access rule, we need to make it specific - Can you add the service object called HTTPS management and try?


    On Destination firewall:

    VPN to LAN

    Src: Any

    Dst: All X0 Management IP

    Service: HTTPS Management

  • StorchStorch Newbie ✭
    edited October 2023
    Screenshot 2023-10-20 120030.png

    Hi Tonya, thanks. I should have added this to the original question.

    I have tried this. I even moved the rule to priority to be #1. I also tried adding a specific rule of my local, static IP as the source. When I telnet into it on 443 and GET it immedetly hangs up on me and says, "Connection closed by foreign host." All of this is why I am stymied.

  • TonyATonyA SonicWall Employee

    @Storch

    That is odd forsure. Check the statistics to see if the rule is being hit.

    There should be an auto created rule when you enabled that https over this SA option enabled - can you check if its also there?

    If it still doesnt work, please create a ticket with support and we will take a deeper look into it. Once created, please DM the ticket number as I would like to follow it.

  • StorchStorch Newbie ✭

    Hi Tonya. Well, this was weird. 

    I was changing my custom VPN -> LAN rule priority back from Manual back to Auto Priority and at first it would not save and would go back to Manual. I did this three times. On the third time, it reset the in/out traffic, finally kept the Auto setting, and moved the priority down to where I thought it should be. After this, I tested connecting to it just to see what would happen and sure enough, it’s working now. I made no changes other than this. I’m going to update the firmware just to be safe. But as it stands now, it’s working.  Strange but at least I can manage it through the VPN.

    I appreciate all you help with this and validating the changes I was making made sense.

    -Cheers!

Sign In or Register to comment.