SonicWALL intermittent connection issues

Some older SonicWall routers or newer ones with a configuration that was imported have default NAT rules listed for “WAN Primary Subnet”, this causes the SonicWall to respond to all ARP queries on the entire subnet of the WAN interface even if the client is not assigned those IPs by the ISP. If you see these rules please disable them and flush the ARP cache to help prevent issues with the connected internet connection. This article helped to resolve this once the ISP pointed out it was an issue http://serverfault.com/questions/294817/how-can-i-stop-my-sonicwall-tz-210-sonicos-enhanced-5-5-1-0-5o-from-responding

Oddly even though the SonicWall responds to the ISP router with the ARP it does not put these entries in its own ARP table and the only way to see it is to have the ISP check the ARP table on their connected router.

In this case the client only had .198-.200 assigned to them but the SonicWall was responding to ARP on the entire usable block of .194-.201

PEMTK82#sh ip arp | inc 98.XXX.XXX

Internet 98.XXX.XXX.177 – 0014.f1eb.3bd9 ARPA Bundle1

Internet 98.XXX.XXX.185 0 0006.b13a.a2ca ARPA Bundle1

Internet 98.XXX.XXX.193 – 0014.f1eb.3bd9 ARPA Bundle1

Internet 98.XXX.XXX.194 51 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.195 53 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.196 45 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.197 222 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.198 0 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.199 0 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.200 10 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.201 67 c0ea.e458.XXXX ARPA Bundle1

Internet 98.XXX.XXX.202 0 0012.1ebd.99a8 ARPA Bundle1

Internet 98.XXX.XXX.203 6 000b.8660.4b74 ARPA Bundle1

Internet 98.XXX.XXX.204 134 0025.614a.af00 ARPA Bundle1

Internet 98.XXX.XXX.205 2 a0f3.c1c3.f5a3 ARPA Bundle1

Internet 98.XXX.XXX.206 255 0017.c54e.b575 ARPA Bundle1

To disable the rules uncheck the highlighted boxes and then go to the ARP page and clear the cache.

Leave a Reply

Your email address will not be published. Required fields are marked *