Tunnel Interface VPN bug

brunogabriel · February 2020

Hey! Here I am again.

I noticed that in SonicOS 6.5.3.x, 6.5.4x, 6.5.5.x I have to mark the option "Enable Management" in access rules.

If I don't check this option, I can't get to any hosts in both directions. Tested in 10 SonicWalls.

Even if the rule is created automatically it does not work properly.

Is this a bug or implementation?

Best regards!

BWC · February 2020

Hi Bruno,

first of all, 6.5.5.x? Where did you get this from? 6.5.4.5 seems to be the latest, just a typo?

Second, the Enable Management in the access rules only allows traffic to the Firewall IPs and is not related to the remaining VPN traffic. This is usually needed if you need to access the Firewall Management via a alternate IP address.

I'am running plenty of machines with VPN Tunnel interfaces and none needs the "Enable Management".

Did you checked with Packet monitor what happens?

--Michael@BWC

brunogabriel · February 2020

Yep, my error, it's 6.5.4.5!

The packet monitor says dropped by policy when this option is not enabled.

BWC · February 2020

Hi @brunogabriel,

I guess the Firewall rules are for LAN -> VPN? The related address objects are in the correct zones?

Did you checked the routing policies that there is no conflicting route with a better priority?

--Michael@BWC

Bhavin_Naik · February 2020

For VPN or any other custom zone weather it is Mpls line terminate or P2P you need to create custom access rule for that particular ip with https management services. And set that rule on high priority. Otherwise it might be drop. It doesn't going to pass though any any rules.

Join the Conversation

Tunnel Interface VPN bug

Answers