TZ170 not allowing traffic other than one IP

Status
Not open for further replies.

zero118

Technical User
Dec 30, 2011
2
US
I have a TZ170 SonicWall that I'm having an issue with... Apparently something has changed and only one IP address (192.168.1.5, primary server) has access to the internet. If I use this server as a proxy all is well. But I need to pass enough those who don't use the proxy to the internet.

I cannot figure out where the SonicWall might be stopping traffic other than that from 192.168.1.5.

This is ALL traffic, not just HTTP or HTTPS. Thanks! :)
 
Sounds like you have a route built to allow traffic from a host rather than a network. Being, host: 192.168.1.5 rather than a network 192.168.1.0.

--DB

 
Our guess is that you are using enforced AV and an update broke, causing all but the excluded server IP to lose internet access, but this would need to be investigated.

Prerequisites:
1. You need to know whether the TZ 170 unit is running SonicOS Standard or Enhanced.

Things that you can try:

1. Check whether the TZ 170 is the default gateway for the PCs. If you are using the server 192.168.1.5 as an HTTP proxy, then there is a probability that it can be set to route as well, so the server or another device such as a router in the LAN might be the PCs' default gateway; if so, it needs to be changed to the SonicWALL LAN IP address.
2. Check the access rules on the TZ 170, essentially from LAN to WAN, for a rule blocking (DENY) the PCs, excluding the server 192.168.1.5, from accessing the Internet.
3. If there is a rule or rules blocking the PCs from getting online, reading the TZ 170 logs can tell SonicWALL Support about the traffic drops.
4. SonicWALL Support can also locate where the issue is with a packet capture on the TZ 170 of the traffic sent by a PC to the Internet. Apart from that, SonicWALL Support can check the TSR and the settings file (.EXP) of the TZ 170 to see whether a configuration problem is causing the issue.

The 4th point would require some active Tech Support Engagement.
 
It's Standard.

I've checked the rules... Nada. Ideally it would force all traffic to go through the server instead of the firewall as the default gateway.
 