Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ 205 drop connection for few seconds when hitting some websites.

Test: ping google.com -t

pings back 12ms-15ms with no traffic.

when I hit some websites I lose the pings, see attached..

when I switch network directly to Comcast modem no drops.

I changed MTU and speed on WAN to 100mb full..

Any idea?

Category: Entry Level Firewalls
Reply

Answers

  • Hello @Asi

    Welcome to SonicWall community.

    When you test it directly with Comcast, do you test with a single computer or with the entire LAN?

    Do you see any drops for the firewall internal IP as well if you run continuous pings?

    Is the WAN interface set to static, DHCP or PPPoE on the firewall?

    Have you done any packet captures on the firewall yet to troubleshoot this issue?

    Thanks!!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • AsiAsi Newbie ✭
    edited June 2020

    only on WiFi.

    so I checked the connection between the AP and firewall, it was on 100mb.

    I removed the POE power supply and connected the AP to POE switch.

    Now the connection between all devices is 1g.

    But am still dropping pings, so I checked with network cable, no drops.

    Something between Sonicwall and WiFi not working.

    Tested with Netgear R6300 and Uinfi nano flex HD, same issue.

    ISP is Comcast, static IP!

  • So, have you connected a SonicPoint/SonicWAVE to the TZ 205 or is it some other access point?

    If it is a SonicPoint/SonicWAVE, could you try pinging the WLAN interface and see if you are getting similar drops?

    It would be best to do a packet capture on the firewall, to see what is the status of those ping packets that are RTO on the wireless client.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • AsiAsi Newbie ✭

    I lose pings from:

    AP 192.168.60.240

    Firewall 192.168.60.1

    Comcast modem 10.1.10.1

    and google.com

    which settings should I use in packet capture?


  • AsiAsi Newbie ✭

    TCP ping drop from packet capture:

    Ethernet Header

     Ether Type: IP(0x800), Src=[50:3e:aa:89:ba:e5], Dst=[c0:ea:e4:42:67:2c]

    IP Packet Header

     IP Type: TCP(0x6), Src=[192.168.60.142], Dst=[172.217.15.206]

    TCP Packet Header

     TCP Flags = [SYN,], Src=[61947], Dst=[443], Checksum=0x837c

    Application Header

     HTTPS

    Value:[0]

    DROPPED, Drop Code: 23(Invalid TCP Flag), Module Id: 25(network), (Ref.Id: _4260_uyHtJcpfngKrRmv) 1:1)


    HAX:

     c0eae442 672c503e aa89bae5 08004500 0034c220 40008006 *...Bg,P.......E..4. @...*

     7ec5c0a8 3c8eacd9 0fcef1fb 01bb79ce c93f0000 00008002 *~.............y..?......*

     faf0837c 00000204 05b40103 03080101 0402       *...|..............   *

  • @Asi,

    The packet drop reason is 'Invalid TCP Flag'. Since, SonicWall is a stateful firewall, it keeps a TCP state table and if it violated the packets are dropped. So, I think it is a legitimate drop.

    If you have issues pinging the AP and the firewall IP itself, the issues is certainly internal. What device is 192.168.60.240?

    What kind of AP is it? If it is a SonicPoint/SonicWAVE, please contact out support team so that we can troubleshoot this in real-time.

    If it is some other access point, then you would need to work with them as this works from LAN but the issue is only from Wireless and that is the contact point for all wireless devices.

    Thanks!!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • AsiAsi Newbie ✭

    but my issue is that I try 2 different AP: Netgear R6300v2 and Ubnt Nano Flex HD.

    Both had the same issues.

    My guess sonicwall firewall drop packets coming from the AP.

    (same errors with 2 different AP, 0 errors on wired connection)

    this is the only drop pockets I see 1668 of them in 30 sec. after click on website.

    Ethernet Header

     Ether Type: IP(0x800), Src=[78:cd:8e:d0:59:de], Dst=[c0:ea:e4:42:67:2d]

    IP Packet Header

     IP Type: TCP(0x6), Src=[195.181.163.70], Dst=[192.168.60.142]

    TCP Packet Header

     TCP Flags = [RST,], Src=[443], Dst=[56233], Checksum=0xd578

    Application Header

     HTTPS

    Value:[0]

    DROPPED, Drop Code: 23(Invalid TCP Flag), Module Id: 25(network), (Ref.Id: _4260_uyHtJcpfngKrRmv) 1:1)

  • @Asi,

    These packets have 'RST' flag set which means they are used to Reset the TCP connection, so the firewall will certainly drop them if the TCP connection is already closed and we then receive these packets. That explains the 'Drop Code: 23(Invalid TCP Flag)' on these packets.

    On what zone are these APs connected to? Is it LAN or WLAN?

    It would be best to use trusted security type zones like LAN for 3rd party access points as WLAN is reserved for SonicPoint/SonicWAVEs.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.