Answers
Hello @Asi
Welcome to SonicWall community.
When you test it directly with Comcast, do you test with a single computer or with the entire LAN?
Do you see any drops for the firewall internal IP as well if you run continuous pings?
Is the WAN interface set to static, DHCP or PPPoE on the firewall?
Have you done any packet captures on the firewall yet to troubleshoot this issue?
Thanks!!
Shipra Sahu
Technical Support Advisor, Premier Services
Only on WiFi.
So I checked the connection between the AP and the firewall; it was at 100 Mb.
I removed the PoE power supply and connected the AP to a PoE switch.
Now the connection between all devices is 1 G.
But I am still dropping pings, so I checked with a network cable: no drops.
Something between the SonicWall and WiFi is not working.
Tested with Netgear R6300 and UniFi nano flex HD, same issue.
ISP is Comcast, static IP!
So, have you connected a SonicPoint/SonicWAVE to the TZ 205 or is it some other access point?
If it is a SonicPoint/SonicWAVE, could you try pinging the WLAN interface and see if you are getting similar drops?
It would be best to do a packet capture on the firewall, to see what is the status of those ping packets that are RTO on the wireless client.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I lose pings from:
AP 192.168.60.240
Firewall 192.168.60.1
Comcast modem 10.1.10.1
and google.com
Which settings should I use in packet capture?
TCP ping drop from packet capture:
Ethernet Header
Ether Type: IP(0x800), Src=[50:3e:aa:89:ba:e5], Dst=[c0:ea:e4:42:67:2c]
IP Packet Header
IP Type: TCP(0x6), Src=[192.168.60.142], Dst=[172.217.15.206]
TCP Packet Header
TCP Flags = [SYN,], Src=[61947], Dst=[443], Checksum=0x837c
Application Header
HTTPS
Value:[0]
DROPPED, Drop Code: 23(Invalid TCP Flag), Module Id: 25(network), (Ref.Id: _4260_uyHtJcpfngKrRmv) 1:1)
Hex:
c0eae442 672c503e aa89bae5 08004500 0034c220 40008006 *...Bg,P.......E..4. @...*
7ec5c0a8 3c8eacd9 0fcef1fb 01bb79ce c93f0000 00008002 *~.............y..?......*
faf0837c 00000204 05b40103 03080101 0402 *...|.............. *
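Added example, not part of the original thread: a short Python decoder run over the hex dump posted above, showing which TCP flag bits the dropped frame carries and whether its IPv4 and TCP checksums verify. The function names and the `FRAME_HEX` constant are illustrative; the bytes are copied from the capture in the post.

```python
import struct

# Hex dump copied from the capture in the post above (66 bytes).
FRAME_HEX = (
    "c0eae442 672c503e aa89bae5 08004500 0034c220 40008006 "
    "7ec5c0a8 3c8eacd9 0fcef1fb 01bb79ce c93f0000 00008002 "
    "faf0837c 00000204 05b40103 03080101 0402"
)
# Bit 0 of the TCP flags byte is FIN, bit 7 is CWR.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def ones_complement_ok(data: bytes) -> bool:
    """True when the 16-bit one's-complement sum (checksum included) is 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_frame(frame_hex: str) -> dict:
    """Decode an Ethernet II / IPv4 / TCP frame given as a hex string."""
    raw = bytes.fromhex(frame_hex.replace(" ", ""))
    ethertype = struct.unpack("!H", raw[12:14])[0]
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP frame")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    flags = off_flags & 0xFF
    # The TCP checksum covers a pseudo-header: src, dst, zero, protocol, length.
    pseudo = ip[12:20] + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
        "window": window,
        "ip_checksum_ok": ones_complement_ok(ip[:ihl]),
        "tcp_checksum_ok": ones_complement_ok(pseudo + tcp),
    }


if __name__ == "__main__":
    for key, value in decode_frame(FRAME_HEX).items():
        print(f"{key:16} {value}")
```

The decoded addresses, ports and flags match the header summary the firewall printed for this packet, so the same function can be pointed at other frames exported from the capture.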
@Asi,
The packet drop reason is 'Invalid TCP Flag'. Since SonicWall is a stateful firewall, it keeps a TCP state table, and if it is violated the packets are dropped. So, I think it is a legitimate drop.
If you have issues pinging the AP and the firewall IP itself, the issue is certainly internal. What device is 192.168.60.240?
What kind of AP is it? If it is a SonicPoint/SonicWAVE, please contact our support team so that we can troubleshoot this in real-time.
If it is some other access point, then you would need to work with them, as this works from LAN but the issue is only from Wireless, and that is the contact point for all wireless devices.
Thanks!!
Shipra Sahu
Technical Support Advisor, Premier Services
But my issue is that I tried 2 different APs: Netgear R6300v2 and Ubnt Nano Flex HD.
Both had the same issues.
My guess is that the SonicWall firewall drops packets coming from the AP.
(Same errors with 2 different APs, 0 errors on a wired connection.)
These are the only dropped packets I see, 1668 of them in 30 sec. after clicking on a website.
Ethernet Header
Ether Type: IP(0x800), Src=[78:cd:8e:d0:59:de], Dst=[c0:ea:e4:42:67:2d]
IP Packet Header
IP Type: TCP(0x6), Src=[195.181.163.70], Dst=[192.168.60.142]
TCP Packet Header
TCP Flags = [RST,], Src=[443], Dst=[56233], Checksum=0xd578
Application Header
HTTPS
Value:[0]
DROPPED, Drop Code: 23(Invalid TCP Flag), Module Id: 25(network), (Ref.Id: _4260_uyHtJcpfngKrRmv) 1:1)
@Asi,
These packets have 'RST' flag set which means they are used to Reset the TCP connection, so the firewall will certainly drop them if the TCP connection is already closed and we then receive these packets. That explains the 'Drop Code: 23(Invalid TCP Flag)' on these packets.
What zone are these APs connected to? Is it LAN or WLAN?
It would be best to use trusted security type zones like LAN for 3rd party access points as WLAN is reserved for SonicPoint/SonicWAVEs.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services