- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
No Internet access after connecting using GVC in "Route all traffic" with "WAN Load-Balancing"
04/15/2021 
56 People found this article helpful
101,977 Views
Description
No Internet access after connecting using GVC in "Route all traffic" with "WAN Load-Balancing" configured on SonicWall.
Resolution
There are multiple WAN connections on SonicWall and you have configured them in "Round-Robin / Ratio-Based / Spill-over" Load Balancing method. You have also configured "Route All traffic" WANGroup VPN policy to route the GVC users Internet traffic through the SonicWall.
When the GVC users are connected they are able to access the local resources but they are not able to access Internet or the Internet connection is intermittent.
Misconfigured VPN: Refer this article and confirm that the Route All traffic- WAN GroupVPN configuration is correct.
How to configure a 'Route all Traffic' WAN GroupVPN Policy
Missing NAT policies:
- SonicOS Enhanced (6.2.x.x): Click Network | NAT policies.
- SonicOS Enhanced (6.5.x.x): Click Manage | Policies | Rules | NAT policies.
- SonicOS Enhanced (7.x.x.x):Navigate to Policy | Rules and Policies | NAT Rules.
You must add necessary NAT policies which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet. This NAT policy will not affect any traffic except traffic heading towards the Internet from route all VPNs.
Consider the following scenario:
>There are 2 WAN interfaces configured on SonicWall X1 and X2.
>WAN Load balancing is set to Round-robin (or) Ratio-based (or) Spill-over.
In this scenario, 2 NAT policies should be configured for each WAN connections to route the GVC traffic properly.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Outbound NAT for X1 WAN:
Outbound NAT for X2 WAN:
This NAT policy is needed when the SonicWall is routing the GVC traffic through X2 WAN.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Outbound NAT for X1 WAN:
This NAT policy is needed when the SonicWall is routing the GVC traffic through X1 WAN.
Outbound NAT for X2 WAN:
This NAT policy is needed when the SonicWall is routing the GVC traffic through X2 WAN.
Note: If there are more than 2 WAN connections on the SonicWall then you need to create necessary NAT policies.
How to Test:
GVC users should be able to access Internet and to verify whether the Internet traffic is routed through SonicWall they can go to site ipchicken.com or whatismyip.com, it should show any one of the WAN interface IP address configured on the SonicWall.
Related Articles
- Parserror on Event logs.
- Switch from the Policy mode to classic mode on Gen 7 appliances
- Analyzing TCP reset(RST)packets
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO