
SonicWALL Enhanced OS

Holy Moly!  I went to configure a simple port-forwarding rule on a customer’s SonicWALL TZ200 today and entered into a whole world of hurt!

All I wanted to do was allow HTTP traffic into an internal web server – exceedingly straightforward on any device I’ve ever worked on before… not so under SonicOS Enhanced!

After about an hour of bizarrely confusing options I realised that one needs to create an address object for the internal server, create a NAT policy to allow access, and then create a firewall access rule.  This doesn’t sound too bad except it wasn’t that simple in fact.  To add to the confusion, I managed to create a NAT loop which killed the network!  That was purely down to my own stupidity though!

So how did I get it to work?  I gave in and used one of the wizards after looking at the following excellent post online: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

Turns out the device needs THREE NAT policies (inbound, outbound, and loopback), plus an address object, plus a firewall access rule!  What?!!

My advice: take your time with this OS and use the wizards unless you’ve got loads of experience with these devices.
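To show why three NAT policies are needed rather than one, here is a simplified model of the inbound, outbound and loopback translations. It is an added example, not SonicOS syntax or anything taken from the post or the linked KB article. The addresses, class names and match fields are constructed assumptions, and the firewall access rule is not modelled.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation and private ranges), not from the post.
WAN_IP = ip_address("203.0.113.10")   # firewall's public address
SERVER = ip_address("192.168.1.20")   # address object for the internal web server
LAN = ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    dport: int

@dataclass(frozen=True)
class NatPolicy:              # hypothetical model, not a SonicOS object
    name: str
    orig_src: object          # network the source must fall in
    orig_dst: object          # exact destination, or None for any
    dport: object             # destination port, or None for any
    new_src: object = None    # None means "leave the original value"
    new_dst: object = None

    def matches(self, p):
        return (p.src in self.orig_src
                and self.orig_dst in (None, p.dst)
                and self.dport in (None, p.dport))

# Most specific policy first, so loopback wins over inbound for LAN clients.
POLICIES = [
    NatPolicy("loopback", LAN, WAN_IP, 80, new_src=WAN_IP, new_dst=SERVER),
    NatPolicy("inbound", ANY, WAN_IP, 80, new_dst=SERVER),
    NatPolicy("outbound", ip_network(f"{SERVER}/32"), None, None, new_src=WAN_IP),
]

def translate(p, policies=POLICIES):
    """Return (policy name, translated packet) for the first matching policy."""
    for pol in policies:
        if pol.matches(p):
            return pol.name, replace(p, src=pol.new_src or p.src, dst=pol.new_dst or p.dst)
    return None, p

def reply_returns_via_firewall(p):
    """A LAN server answers a LAN source directly, bypassing the firewall."""
    return not (p.dst in LAN and p.src in LAN)
```

Dropping the loopback entry leaves a LAN client's request to the public address translated by the inbound policy only, so the server replies straight to the client and the connection never completes.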
