TZ400W fails to obtain IP address from FIOS router
MichaelA
Newbie ✭
After 3 generations of sonicwall firewalls worked connected to a cable modem i installed FIOS home service and am attempting to run my TZ400W in the DMZ of the G3100 router.
i cannot get WAN on the X1 to acquire and IP address from the FIOS DHCP server when connected to an ethernet port on the G3100 router.
works fine when i connect a laptop directly to the g3100 and TZ400 continues to work fine connected to cable modem
have followed all the troubleshooting steps in the WAN connectivity trouble shooting guide except MAC cloning which i can't see helping . even tried different browsers to access management interface and different wiring configurations from G3100 to X1 port
i even tried setting up a static IP address on the G3100 and using static IP as the WAN access on the G3100
it seems others have success doing this any suggestions??
Best Answer
-
CORRECT ANSWERMichaelA
Newbie ✭
Solution found - in the end a Newbie mistake - i had a gateway IP conflict with one of my guest networks. changing that guest network gateway's IP solved the problem. It was @BWC suggestion to use the packet monitor on UDP 67,68 to watch DHCP traffic that led me to RPF check failed which led me to investigate routing policies which led me to trace network paths which led me to the problem.
thank you for the help
0
Answers
Hello @MichaelA - I just put one of our NSA firewalls on a cable modem at my home office for the first time, a new ISP for me. I first connected a PC, and then over a week later tried to get the FW WAN to get a lease. It did not, after an hour or two. I simply powered down the cable modem for 30 seconds, unplugged the WAN cable from the SonicWall, let the modem finish coming back up, and then connected it again. It immediately got a lease and has been online since then w/out issue.
WAN Mode: NAT with DHCP Client Value : 3
WAN Mode State: Connected Value : 3
DHCP CLIENT on port : X1
active : 1
DHCP Server ID : 66.214.200.1
Lease Origin : 12/18/2020 14:07:45
Lease Duration : 480 Minutes
Lease Expires : 12/18/2020 22:07:45
Hi @MichaelA
I always recommend running a Packet-Monitor for UDP 67,68 on that specific Interface (X1) to see what's going on. You should have a Wireshark near you for futher analaysis. But if your G3100 isn't offering anything you know where to look.
--Michael@BWC
Hi @MichaelA ,
Try to adjust the X1 duplex mode;
Thank you everyone for rapid responses.
I tried the 2 'easy' fixes first, cycling the G3100 power and adjusting the link speed. Neither seemed to help.
When i set up a packet monitor on the X1 port i found 2 packets that looked interesting :
The first packet looks like the G3100 trying to send DHCP information to my TZ400. (the Src and Dst MAC addresses match the G3100 and the TZ400 and the IP adresses match the G3100 and the static IP the DHCP in the G3100 created for the TZ400) but that packet is dropped due to 'RPF check failed'
i assume the 2nd packet is my TZ400 trying to ask for an IP address
will continue to search if there are ways to tell the TZ400 that the Reverse Path it is seeing is ok maybe with a static route policy
any advice would be most welcome
Ethernet Header
Ether Type: IP(0x800), Src=[b8:f8:53:xx:xx:xx], Dst=[18:b1:69:xx:xx:xx]
IP Packet Header
IP Type: UDP(0x11), Src=[192.168.1.1], Dst=[192.168.1.222]
UDP Packet Header
Src=[67], Dst=[68], Checksum=0x98f6, Message Length=341 bytes
Application Header
BOOTP:
Value:[0]
DROPPED, Drop Code: 241(DHCP server packet dropped, RPF check failed.), Module Id: 19(ipHelper), (Ref.Id: _1383_xcnkfcvgFjerUgtxgtRmvu) 1:1)
Ethernet Header
Ether Type: IP(0x800), Src=[18:b1:69:xx:xx:xx], Dst=[ff:ff:ff:ff:ff:ff]
IP Packet Header
IP Type: UDP(0x11), Src=[0.0.0.0], Dst=[255.255.255.255]
UDP Packet Header
Src=[68], Dst=[67], Checksum=0x5375, Message Length=272 bytes
Application Header
BOOTP:
Value:[0]
Generated (Sent Out) 0:0)
Hi @MichaelA,
Please find the below article for the resolution;