No Internet when connected to WLAN

12/20/2019 131 23384

DESCRIPTION:

When connected to built in wireless or SonicWall access points, users are not getting access to the Internet. Unable to ping a public IP on Internet or firewall authentication page is disabled when trying to access websites. At the same time LAN users can access Internet.

RESOLUTION:

1. Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Manage | Network | DHCP Server. Make sure DHCP scope is configured and enabled.
2. Check if the client can ping gateway (WLAN interface IP).
3.  Make sure the below NAT policy is auto added. Navigate to Manage | Rules | NAT Policies.
   Original Source: Any
   Translated Source: WAN Primary IP/X1 IP
   Original Destination: Any
   Translated Destination: Original
   Original Service: Any
   Translated Service: Original
   Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
   Outbound Interface: X1
   
   Below is the screenshot of the NAT policy which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet.
   
   
   
4. Make sure access rule from WLAN to WAN is allowed, navigate to Manage | Rules | Access Rules.
   Source: Any
   Destination: Any
   Service: Any
   Action: Allow
   Users Allowed: All
   
   Below is the screenshot of access rule allowing communication from wireless clients to Internet.
   
   
5. Make sure Guest Services is disabled in WLAN zone. Following is the screenshot of packet capture showing packets getting received from wireless client to a public IP on Internet and not getting forwarded due to guest services misconfigured on WLAN zone.
   
   
   
6. For users that are not using the SonicWall access points please confirm under the WLAN zone (Manage | Network | Zones) that the option Only allow traffic generated by a SonicPoint/SonicWave is disabled.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

1. Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Network | DHCP. Make sure DHCP scope is configured and enabled.
2. Check if the client can ping gateway (WLAN interface IP).
3.  Make sure the below NAT policy is auto added.
   Original Source: Any
   Translated Source: WAN Primary IP/X1 IP
   Original Destination: Any
   Translated Destination: Original
   Original Service: Any
   Translated Service: Original
   Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
   Outbound Interface: X1
   Below is the screenshot of the NAT policy which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet.
   
   
   
4. Make sure access rule from WLAN to WAN is allowed.
   Source: Any
   Destination: Any
   Service: Any
   Action: Allow
   Users Allowed: All
   Below is the screenshot of access rule allowing communication from wireless clients to Internet.
   
   
   
5. Make sure Guest Services is disabled in WLAN zone. Following is the screenshot of packet capture showing packets getting received from wireless client to a public IP on Internet and not getting forwarded due to guest services misconfigured on WLAN zone.
   
   
   
6. For users that are not using the SonicWall access points please confirm under the WLAN zone (Network | Zones) that the option Only allow traffic generated by a SonicPoint is disabled.