Firewall management not working over VPN, packet capture shows a Packet Dropped - Policy Drop
07/18/2022 12 People found this article helpful 186,261 Views
In deployments spread across multiple sites, VPNs are created for the secure transfer of traffic from one site to another. In some cases, Firewall Admins might have to log in to remote side firewalls and SonicWall allows us an option to do that as long as the remote side firewall has HTTPS management enabled on VPN.
For detailed instructions on Firewall management over VPN please refer to the following KB: Remotely manage the SonicWall through a vpn tunnel
When the HTTPS option is enabled on a VPN, the firewall creates an Access Rule from VPN to LAN with service HTTPS management and sets the action as Allow.
In some cases, the Firewall drops this management traffic as Packet Dropped - Policy Drop. Firewall Admins will be able to verify it if they capture the traffic flow using the Packet Monitor feature of the Firewall.
Example: In the below screenshot it can be noticed that the traffic from the VPN for Port 443 TCP is being Dropped as Packet Dropped - Policy Drop.
The reason for this issue is that the Access Rule created for management is not getting triggered. This can be verified from the statistics on the Access Rule. The statistics on the Access Rule will show a "0" under all sections
- On the Access Rule, Click Configure.
- A Checkbox labeled as Enable Management can be seen at the bottom of the Popup screen.
- This option will be Set to a Checked/ Enabled state or Unchecked/disabled state. This behavior is firmware-specific. Try toggling the state of this checkbox (If it is "Checked/Enabled", try "Unchecking/Disabling" and Vice-Versa) and see if the issue is fixed.
- If the issue is still not fixed, please reach out to Technical Support for further troubleshooting.
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!
Was This Article Helpful?