Tz270W Management over VPN
Dear Sonicwall Community,
We recently deployed a new Gen7 TZ270W at one of our customer's sites. Unlike many other partners on this forum, I do not have many issues with the device, at least for now.
One thing that seems quite buggy though is management from the VPN zone. The customer has a Tunnel Interface VPN tunnel from his main site to this TZ270W and wants to manage it via the X0 interface.
I did check all the boxes (allow management traffic) that I know of, and I only see forwarded and consumed packets in the packet monitor, no drops. I tried different browsers, but I always get a timeout error. Ping works fine though.
Does anyone have a similar issue? WAN management does work.
I also have an open case 43653575 if anyone wants to have a look.
Kind regards,
Eric
Answers
@EF999,
I tested this on the latest 7.0.1-R1262 and it seems to be working as expected. Are you also on the same firmware?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I upgraded to the same firmware yesterday to see if this helps but I still have the same issue.
We have an ANY ANY ANY rule in place from VPN to LAN where I enabled management. Do you have a separate policy for management?
There is an option in the IPSec tunnel configuration under Advanced to allow "Management via this SA". If you aren't using this, then you won't get management access.
I'm aware of that and it is checked on both firewalls. Besides that, "allow management" is checked on the incoming and outgoing firewall rules on both sites (LAN to VPN on the main site and VPN to LAN on the firewall I want to access) and on the X0 interface, of course.
Is there something I forgot?
Kind regards,
Eric
@EF999,
No, that should be all. I have access rules from VPN to LAN specifically for management.
Source: Any
Destination: All X0 management IP
Service: HTTPS management
Action: Allow
But this is the solution if packets are being dropped as a policy drop, and that is not the case for you. Since you already have a support ticket created, please submit your EXP and TSR files so that they can investigate further.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @EF999
Telnet to HTTP and HTTPS management ports from the remote location and confirm the ports are accessible.
If the interface (X0) is not accessible through the VPN, make sure the VPN policy has "Management via this SA: HTTPS" enabled.
Finally, check the network address objects that are in the VPN zone on both firewalls.