- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Firewall management not working over VPN, packet capture shows a Packet Dropped - Policy Drop
07/26/2021 
4 People found this article helpful
31,880 Views
Description
In deployments spread across multiple sites, VPNs are created for the secure transfer of traffic from one site to another. In some cases, Firewall Admins might have to log in to remote side firewalls and SonicWall allows us an option to do that as long as the remote side firewall has HTTPS management enabled on VPN.
For detailed instructions on Firewall management over VPN please refer to the following KB: Remotely manage the SonicWall through a vpn tunnel
When the HTTPS option is enabled on a VPN, the firewall creates an Access Rule from VPN to LAN with service HTTPS management and sets the action as Allow.
Example:
In some cases, the Firewall drops this management traffic as Packet Dropped - Policy Drop. Firewall Admins will be able to verify it if they capture the traffic flow using the Packet Monitor feature of the Firewall.
Example: In the below screenshot it can be noticed that the traffic from the VPN for Port 443 TCP is being Dropped as Packet Dropped - Policy Drop.
Cause
The reason for this issue is that the Access Rule created for management is not getting triggered. This can be verified from the statistics on the Access Rule. The statistics on the Access Rule will show a "0" under all sections
Resolution
- On the Access Rule, Click Configure.
- A Checkbox labeled as Enable Management can be seen at the bottom of the Popup screen.
- This option will be Set to a Checked/ Enabled state or Unchecked/disabled state. This behavior is firmware-specific. Try toggling the state of this checkbox (If it is "Checked/Enabled", try "Unchecking/Disabling" and Vice-Versa) and see if the issue is fixed.
- If the issue is still not fixed, please reach out to Technical Support for further troubleshooting.
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!
Related Articles
- DNS Resolution of Wildcard FQDN Address Objects
- All associated wildcard FQDN IP addresses do not display in the web browser
- How to Re-Install The Junk Store
Categories
- Firewalls > NSa Series > Firewall Management
- Firewalls > NSsp Series > Firewall Management
- Firewalls > SonicWall NSA Series > Firewall Management UI
- Firewalls > SonicWall SuperMassive 9000 Series > Firewall Management UI
- Firewalls > TZ Series > Firewall Management UI
YES
NO