NSA 4700 Drops ICMP traffic from server VLAN to X0 LAN
I have an NSA 4700. Access rules are in place that allow any/any to/from V102 (Server VLAN) to VLAN 1 (LAN). The server VLAN 102 is configured on X5:V102. When I attempt to ping the server from a device on VLAN 1 (either the SonicWall itself or my PC), it works. From the server on VLAN 102, I cannot ping the firewall's LAN interface at 10.1.1.200 (or the physical interfaces .201 and .202; we have 2 NSA 4700s in an HA pair).
Any idea why?
I set up a packet capture on the NSA and captured all the traffic for a few seconds while starting a ping from the server at 10.0.2.12 to the firewall's HA interface 10.1.1.220. I see that it is dropping ICMP packets to the firewall, but not to anything else on the LAN VLAN on X0. Not sure why or what to do. Do I need some additional rules here? The server runs our network monitoring application, and we need the server to be able to monitor the firewall, which currently is not working. Hopefully, this is just something stupid and simple, and I'm just missing it. Any help is appreciated.
Thanks.
Answers
management access rule
LAN interface at 10.1.1.200
enable ping under the interface properties creates the rule
@dspjones this is a recurring question. Having ping enabled on the interface alone is not sufficient when you try to ping X0 from X5:V102.
In your case you need an additional Access Rule from LAN to LAN, X5:V102 Subnet to X0 IP with service ping and having "Allow Management Traffic" in the Optional Settings enabled.
—Michael@BWC
Allow Management Traffic - that was the missing item. Dang shoulda caught that one. Thanks.