Allowing traffic across X0, X2 and X3

JAlkazian · October 2020

Hi,

I have the following configuration:

X0-main LAN

X1-WAN

X2-Phone LAN

X3-Another LAN

I would like to allow traffic across X0, X2 and X3 to flow but for the life of me i cannot get it to work. Any guidance would be most appreciated.

JAlkazian · October 2020

Config: NSA 2650

Saravanan · October 2020

@JAlkazian - As per the capture, seems like only the ping request is happening via the SonicWall from 10.3.63.212 to 10.3.64.57 and there were no responses found. Disable any windows firewall or client AV on the destination computer to check if the issue resolves. Sometimes end point security prevents the computers from responding to traffics coming from different subnets.

In case if the above step didnt address the issue, then the issue requires real-time assistance. Please feel free to approach our support team as per below link for immediate assistance.

https://www.sonicwall.com/support/contact-support/

Saravanan · October 2020

Hi @JALKAZIAN,

Welcome to SonicWall Community.

You can achieve this by adding access rules on the SonicWall from X0 Main LAN to X2 Phone LAN and X3 Another LAN and vice versa.

Please take a reference at the below KB article for access rule creation.

https://www.sonicwall.com/support/knowledge-base/using-firewall-access-rules-to-block-incoming-and-outgoing-traffic/170503532387172/

In case if the access rules are already in place, we may need to enact packet capture on the firewall to trace the traffics between these interfaces and to rectify the issue. Please take a reference at the below KB article for packet monitor utilization.

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/

Let us know for questions. Hope this helps.

JAlkazian · October 2020

Thank you for your prompt response. The link was to deny WAN to LAN but i need to allow LAN to LAN. I tried the following:

Action - Allow

From - LAN

To - LAN

Source Port - Any

Service - Any

Source - 63 network (10.3.63.0/255.255.255.0 which is X3)

Destination - Any

I set it up and still cannot ping from one PC to another but i can ping the interface gateway IPs both ways.

Thank you again

Saravanan · October 2020

Hi @JALKAZIAN,

Yes, the rule looks right.

Could you perform a packet capture on the SonicWall as shown below to trace the ping packets at SonicWall level? You could also refer the previous comment provided KB article for packet capture.

Please click on System > Packet Monitor > Configure,

- Settings tab: Disable all check boxes

- Monitor Filter tab:

* Check “Enable Bidirectional address and port matching"

* Ether type: IP

* IP Type: ICMP

* Source IP: 10.3.63.x (List the IP address of the source computer where the ping is initiated from)

* Destination IP: List the IP address of the recipient computer where the ping is destined to

* Everything else clear

- Display Filter Tab: Everything clear, all boxes check

- Advance Monitor Filter: Everything check

- Click OK, and Start Capture.

Get the pings started on the source computer and click on Refresh option in the packet monitor page to see the traffic.

JAlkazian · October 2020

packet-t (2).txt

Here is the capture

JAlkazian · October 2020

The firewall was the issue. Thank you!

Join the Conversation

Allowing traffic across X0, X2 and X3

Best Answers

Answers