No Internet when connected to WLAN

06/14/2023 254 People found this article helpful 500,362 Views

Description

When connected to built in wireless or SonicWall access points, users are not getting access to the Internet. Unable to ping a public IP on Internet or firewall authentication page is disabled when trying to access websites. At the same time LAN users can access Internet.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Network | System | DHCP Server. Make sure DHCP scope is configured and enabled.
Check if the client can ping gateway (WLAN interface IP).
Make sure the below NAT policy is auto added. Navigate to Policy | Rules and Policies | NAT Rules.
Original Source: Any
Translated Source: WAN Primary IP/X1 IP
Original Destination: Any
Translated Destination: Original
Original Service: Any
Translated Service: Original
Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
Outbound Interface: X1
Make sure access rule from WLAN to WAN is allowed, navigate to Policy | Rules and Policies | Access Rules.
Source: Any
Destination: Any
Service: Any
Action: Allow
Users Allowed: All

Below is the screenshot of access rule allowing communication from wireless clients to Internet.
Make sure Guest Services is disabled in WLAN zone (Object | Match Objects | Zones) .
For users that are not using the SonicWall access points please confirm under the WLAN zone (Object | Match Objects | Zones) that the option Only allow traffic generated by a SonicPoint/SonicWave is disabled.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Manage | Network | DHCP Server. Make sure DHCP scope is configured and enabled.
Check if the client can ping gateway (WLAN interface IP).
Make sure the below NAT policy is auto added. Navigate to Manage | Rules | NAT Policies.
Original Source: Any
Translated Source: WAN Primary IP/X1 IP
Original Destination: Any
Translated Destination: Original
Original Service: Any
Translated Service: Original
Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
Outbound Interface: X1

Below is the screenshot of the NAT policy which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet.
Make sure access rule from WLAN to WAN is allowed, navigate to Manage | Rules | Access Rules.
Source: Any
Destination: Any
Service: Any
Action: Allow
Users Allowed: All

Below is the screenshot of access rule allowing communication from wireless clients to Internet.
Make sure Guest Services is disabled in WLAN zone. Following is the screenshot of packet capture showing packets getting received from wireless client to a public IP on Internet and not getting forwarded due to guest services misconfigured on WLAN zone.
For users that are not using the SonicWall access points please confirm under the WLAN zone (Manage | Network | Zones) that the option Only allow traffic generated by a SonicPoint/SonicWave is disabled.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Network | DHCP. Make sure DHCP scope is configured and enabled.
Check if the client can ping gateway (WLAN interface IP).
Make sure the below NAT policy is auto added.
Original Source: Any
Translated Source: WAN Primary IP/X1 IP
Original Destination: Any
Translated Destination: Original
Original Service: Any
Translated Service: Original
Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
Outbound Interface: X1
Below is the screenshot of the NAT policy which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet.
Make sure access rule from WLAN to WAN is allowed.
Source: Any
Destination: Any
Service: Any
Action: Allow
Users Allowed: All
Below is the screenshot of access rule allowing communication from wireless clients to Internet.
Make sure Guest Services is disabled in WLAN zone. Following is the screenshot of packet capture showing packets getting received from wireless client to a public IP on Internet and not getting forwarded due to guest services misconfigured on WLAN zone.
For users that are not using the SonicWall access points please confirm under the WLAN zone (Network | Zones) that the option Only allow traffic generated by a SonicPoint is disabled.