Cannot reach destination host in SSLVPN

Description

Two interfaces are in bridged mode, each assigned to a different zone.

After connecting to the SSLVPN, the destination host cannot be reached.

Cause

The issue is related to the bridged mode between two interfaces in two different zones.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that differ from SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.

When you configure the SSLVPN profile, the firewall automatically creates an access rule for the LAN zone that permits traffic from the SSLVPN. To view it, go to Policy | Rules and Policies | Access Rules and select SSLVPN to LAN.

If you try to reach the destination host while running a packet monitor, you can see the traffic dropped due to "Policy Dropped".

To allow the traffic to pass through the firewall, create the same access rule for the other zone (i.e. the zone of the secondary bridged interface), allowing traffic from the SSLVPN. Go to Policy | Rules and Policies | Access Rules and select SSLVPN to custom_zone.


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.

When you configure the SSLVPN profile, the firewall automatically creates an access rule for the LAN zone that permits traffic from the SSLVPN. To view it, go to Manage | Policies | Rules | Access Rules and select SSLVPN to LAN.

If you try to reach the destination host while running a packet monitor, you can see the traffic dropped due to "Policy Dropped".

To allow the traffic to pass through the firewall, create the same access rule for the other zone (i.e. the zone of the secondary bridged interface), allowing traffic from the SSLVPN. Go to Manage | Policies | Rules | Access Rules and select SSLVPN to custom_zone.


Resolution for SonicOS 6.2 and Below

The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.

When you configure the SSLVPN profile, the firewall automatically creates an access rule for the LAN zone that permits traffic from the SSLVPN. To view it, go to Firewall | Access Rules and select SSLVPN to LAN.

If you try to reach the destination host while running a packet monitor, you can see the traffic dropped due to "Policy Dropped".

To allow the traffic to pass through the firewall, create the same access rule for the other zone (i.e. the zone of the secondary bridged interface), allowing traffic from the SSLVPN. Go to Firewall | Access Rules and select SSLVPN to custom_zone.
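
The condition behind all three resolutions above can be checked against an inventory of interfaces and access rules. The Python below is an added example, not SonicWall code: it flags bridged interface pairs that span two zones where the SSLVPN is allowed into only one of them. The interface names, the dictionary layout and the function names are assumptions made for illustration, and the sample data is constructed.

```python
# Added example: audit a constructed inventory for the bridged-zone gap.
# The dictionary layout is hypothetical, not a SonicOS export format.
INTERFACES = {
    "X0": {"zone": "LAN", "bridged_to": None},
    "X2": {"zone": "custom_zone", "bridged_to": "X0"},  # secondary bridged I/F
    "X3": {"zone": "DMZ", "bridged_to": None},
}
ACCESS_RULES = [
    # The rule the firewall creates automatically with the SSLVPN profile.
    {"from": "SSLVPN", "to": "LAN", "action": "allow", "enabled": True},
    {"from": "LAN", "to": "WAN", "action": "allow", "enabled": True},
]


def allowed_zones(rules, source_zone):
    """Destination zones that source_zone reaches through an enabled allow rule."""
    return {
        r["to"] for r in rules
        if r["from"] == source_zone and r["action"] == "allow" and r.get("enabled", True)
    }


def find_bridge_gaps(interfaces, rules, source_zone="SSLVPN"):
    """Return (primary_if, secondary_if, missing_zone) for each bridged pair
    that spans two zones where source_zone is allowed into only one of them."""
    reachable = allowed_zones(rules, source_zone)
    gaps = []
    for name in sorted(interfaces):
        primary = interfaces[name].get("bridged_to")
        if primary is None:
            continue
        if primary not in interfaces:
            raise ValueError(f"{name} is bridged to unknown interface {primary}")
        pair_zones = {interfaces[primary]["zone"], interfaces[name]["zone"]}
        missing = pair_zones - reachable
        # One zone covered and the other not: hosts behind one side of the
        # bridge are reachable, hosts behind the other hit "Policy Dropped".
        if len(pair_zones) == 2 and len(missing) == 1:
            gaps.append((primary, name, missing.pop()))
    return gaps


if __name__ == "__main__":
    for primary, secondary, zone in find_bridge_gaps(INTERFACES, ACCESS_RULES):
        print(f"{primary}<->{secondary}: no SSLVPN -> {zone} allow rule")
```

A pair where neither zone has an SSLVPN rule is not reported, since nothing suggests SSLVPN users are meant to reach it.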
