Firewall – Sonicwall NSA2400 – No internet access

Tags: domain-name-system, firewall, ping, sonicwall

We've got a SonicWall NSA2400 configured with a LAN (X0) and a WAN(X1) interface.
It was set up and working fine until just recently, when a temporary worker changed some settings, most likely NAT.

We can ping on the LAN just fine, we also have another FW setup that works just fine with internet connectivity so we know that's not the issue.
Pinging between the two firewalls works fine, and also between clients.

We have tried NAT rules that blow everything wide open, basically allow Any to Any with Any service and so forth. We cannot ping our ISP DNS either. We even tried adding the Google DNS (8.8.8.8) to no avail.

If I set up a computer with the WAN IP & DNS everything works fine, same as through other FWs.

I don't have much experience with SW FWs. What is interesting, however, is that if you ping out from a client, it is able to resolve the hostname to an IP, e.g.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Request timed out.
Request timed out.
Etc.

This works for ANY address/hostname we ping, it will resolve to IP then timeout.
Trying to go through a webpage to both hostname or IP and it won't connect.

Has anyone run into a similar problem? Any help would be greatly appreciated.

Thanks in advance and best regards.

Tom

Best Answer

Start with the logs. Don't go diving in changing the configuration straight off the bat, it usually makes things worse and you end up forgetting what you changed as well.

Hopefully, by looking at the logs you should be able to identify what was changed. Failing that, can you see through the logs if the firewall is dropping/rejecting packets?

The fact that you can resolve DNS suggests that your routing and NAT is in place (unless you are running an internal caching nameserver), but general traffic is being blocked. This sounds to me like a firewall rule gone wrong.

Failing all of the above, take a backup of the system logs now so you can analyse them later, then just restore the system from a good backup. You should then analyse the logs of the 'broken' config to identify what was done.
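A small client-side triage script, added here as an example and not part of the thread, that separates the layers the answer reasons about (name resolution, ICMP, TCP) and prints the corresponding diagnosis; it assumes `getent`, `ping` and `nc` are available on the LAN client, and the hostname/port you pass are your own choice.

```shell
#!/bin/sh
# Added example, not from the original post. Run from a LAN client behind the
# firewall: probe <hostname> [port]. Tools assumed: getent, ping, nc.

# classify DNS ICMP TCP: each argument is an exit status (0 = ok, non-zero = failed).
# Prints a one-line diagnosis matching the reasoning in the answer above.
classify() {
    dns=$1; icmp=$2; tcp=$3
    if [ "$dns" -ne 0 ]; then
        echo "DNS FAIL: name resolution is blocked or misconfigured; check LAN DNS settings"
    elif [ "$icmp" -ne 0 ] && [ "$tcp" -ne 0 ]; then
        echo "RULE/NAT BLOCK: DNS resolves but ICMP and TCP time out; routing and NAT are in place, forwarded traffic is blocked; review LAN->WAN access rules and NAT policy, then check the firewall drop logs"
    elif [ "$tcp" -ne 0 ]; then
        echo "SERVICE BLOCK: ICMP passes but TCP fails; look for a service-specific rule or content filter"
    elif [ "$icmp" -ne 0 ]; then
        echo "ICMP ONLY: TCP passes but ping is denied; not a connectivity problem"
    else
        echo "OK: DNS, ICMP and TCP all succeed"
    fi
}

# probe HOST [PORT]: resolve, ping the resolved IP, attempt a TCP connect, classify.
# Written without relying on set -e so the non-zero probe results are captured.
probe() {
    host=$1; port=${2:-80}
    ip=$(getent hosts "$host" | awk '{print $1; exit}')
    if [ -z "$ip" ]; then
        echo "$host -> (unresolved)"
        classify 1 1 1
        return
    fi
    if ping -c 1 -W 2 "$ip" >/dev/null 2>&1; then icmp=0; else icmp=1; fi
    # -z: scan without sending data; -w 2: two-second connect timeout
    if nc -z -w 2 "$ip" "$port" >/dev/null 2>&1; then tcp=0; else tcp=1; fi
    echo "$host -> $ip  icmp=$icmp tcp=$tcp (port $port)"
    classify 0 "$icmp" "$tcp"
}

# Only probe when a hostname is given on the command line.
if [ $# -gt 0 ]; then
    probe "$@"
fi
```

The situation in the question (name resolves, ping and web both time out) lands in the "RULE/NAT BLOCK" branch, which is the point at which the answer tells you to read the drop logs rather than change more settings.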
