Tunnel Interface VPN bug

brunogabriel Newbie ✭

Hey! Here I am again.

I noticed that in SonicOS 6.5.3.x, 6.5.4.x, 6.5.5.x I have to mark the option "Enable Management" in access rules.

If I don't check this option, I can't get to any hosts in either direction. Tested on 10 SonicWalls.

Even if the rule is created automatically it does not work properly.

Is this a bug or implementation?

Best regards!

Category: Firewall Management and Analytics

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    Hi Bruno,

    First of all, 6.5.5.x? Where did you get this from? 6.5.4.5 seems to be the latest, just a typo?

    Second, the Enable Management in the access rules only allows traffic to the Firewall IPs and is not related to the remaining VPN traffic. This is usually needed if you need to access the Firewall Management via an alternate IP address.

    I'm running plenty of machines with VPN Tunnel interfaces and none needs the "Enable Management".

    Did you check with Packet Monitor what happens?

    --Michael@BWC

  • Yep, my error, it's 6.5.4.5!

    The packet monitor says dropped by policy when this option is not enabled.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @brunogabriel,

    I guess the Firewall rules are for LAN -> VPN? The related address objects are in the correct zones?

    Did you check the routing policies to make sure there is no conflicting route with a better priority?

    --Michael@BWC

  • For VPN or any other custom zone, whether it is an MPLS line termination or P2P, you need to create a custom access rule for that particular IP with HTTPS management services, and set that rule to high priority. Otherwise it might be dropped. It isn't going to pass through any any rules.