SonicWALL Enhanced OS

-

Holy Moly!  I went to configure a simple port-forwarding rule on a customer’s SonicWALL TZ200 today and entered into a whole world of hurt!

All I wanted to do was allow HTTP traffic into an internal web server – exceedingly straightforward on any device I’ve ever worked on before… not so under SonicOS Enhanced!

After about an hour of bizarrely confusing options I realised that one needs to create an address object for the internal server, create a NAT policy to allow access, and then create a firewall access rule.  This doesn’t sound too bad except it wasn’t that simple in fact.  To add to the confusion, I managed to create a NAT loop which killed the network!  That was purely down to my own stupidity though!

So how did I get it to work?  I gave in and used one of the wizards after looking at the following excellent post online: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

Turns out the device needs THREE NAT policies (inbound, outbound, and loopback) plus address object, plus firewall access rule!  What?!!

My advice: take your time with this OS and use the wizards unless you’ve got loads of experience with these devices.

Comments

Post a Comment

Popular posts from this blog

Evolution MK-249C MIDI Keyboard Mac OS X Problem

-
Mac OS X generally seems capable of dealing with just about anything you can throw at it. However upon connecting my trusty Evolution MK-249C MIDI keyboard up to my 2nd generation MacBook it steadfastly refused to play ball. This keyboard has always been instantly recognised by Windows XP and so it was surprising to encounter this. The M-Audio website (M-Audio took over Evolution it appears) offered no real assistance. There was no driver available for Mac OS X 10.4.9 as the keyboard is supposed to be "Class Compliant" which apparently means it doesn't need one... strange. Eventually after consulting some forums I found the fix. The problem seems to be related to Mac OS on the Intel MacBooks. There is a patch on the M-Audio site but only for MacOS 10.1.5. This must be downloaded and installed. Here is the link: http://www.m-audio.com/index.php?do=support.drivers&f=596 Upon restarting the OS the keyboard was recognised by Mac OS and GarageBand had no trouble
Read more

Using VoIP with SmoothWall

-
Image
I’ve been playing with SmoothWall Express (Polar) recently and am generally pretty impressed.  However, my Linksys SPA921 IP Phone hadn’t been working.  I decided to turn my attention to it today. The phone wouldn’t give a dial tone at all unless I used the “SIP Proxy” option in SmoothWall, however, that wouldn’t allow any outgoing calls.  I tried creating various exceptions in the firewall, even setting the phone to be an “always allowed machine”, all to no avail. Then I hit on the solution… I had a BT ADSL router connecting to the internet performing NAT, the SmoothWall connected to this performing NAT, and the IP Phone connecting to the SmoothWall as shown in the diagram below: SIP doesn’t appear to play nicely with this double-NAT arrangement.  So I changed the WAN configuration on my BT ADSL router to run in “Bridged” mode and then configured the “Red” (internet) interface on the SmoothWall to run in PPPoE mode.  This required configuring the BT broadband username and pa
Read more

McAfee does my head in

-
I’ve said it before and I’ll say it again: to all intents and purposes installing McAfee Anti-virus software is pretty much as bad as getting a virus.  There, I said it.  Again. I’ve lost count of how many problems I’ve had with customer PCs over the years where the root of the problem was McAfee in one or another of its hideous incarnations.  But here’s one that’s fresh in my head because I’ve only just sorted it out… A customer had a PC that wouldn’t connect to the iTunes Store in iTunes.  He could do everything else with iTunes, just not connect to the store.  Actually, now I think of it he probably wouldn’t have been able to use the internet radio stations in iTunes either.  He could access the internet and send/receive emails just fine.  iTunes just refused to play ball.  When I ran the Diagnostics in iTunes I got an error –3221. Well what could cause this?  Probably a firewall I thought.  The customer had McAfee Security Center with VirusScan and Personal Firewall.  They also
Read more