Firewall Wizards mailing list archives
SonicWall update
From: Bill Stout <Bill.Stout () AristaSoft com>
Date: Wed, 15 Sep 1999 00:53:18 -0700
Update on SonicWall pains.

SonicWalls seem to have a problem when they're configured on a 10.x.x.x network, and are deployed to the same or other network. They tend to want to own all the local IPs. It ends up becoming a real nasty D.O.S. against internal systems, where the ARP cache for many/most/all IPs shows the Ethernet address of the SonicWall.

This was triggered by an extranet server which could not access a local server through its inside network, so it tried the outside network. A SonicWall configured with NAT and a VPN connected to the internal network saw the access attempt to an internal address, and it then claimed those internal addresses, which appeared to trigger a cascade of 'Duplicate IP address detected' messages on servers and desktops. Clearing ARP caches in systems and switches took some time. This was not one of my happier days.

SonicWall states that this may have been caused by the application of the box as a VPN device with maybe 5 max concurrent users across the link. Although the licensing is good for 10 or 50 users, it does collectively count all IP addresses that attempt to access it, possibly complicated by the use of NAT.

More to follow.

Bill Stout
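The symptom reported in the message above, ARP caches in which many IPs resolve to one Ethernet address, can be checked for from a host's ARP table. The following is an added example, not part of the original post; the `arp -an` sample, the baseline table and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Linux `arp -an` format; every address and MAC is made up.
SAMPLE_ARP = """\
? (10.1.1.1) at 00:40:10:aa:bb:cc [ether] on eth0
? (10.1.1.20) at 00:40:10:AA:BB:CC [ether] on eth0
? (10.1.1.21) at 00:40:10:aa:bb:cc [ether] on eth0
? (10.1.1.22) at 00:40:10:aa:bb:cc [ether] on eth0
? (10.1.1.30) at 00:a0:c9:11:22:33 [ether] on eth0
? (10.1.1.31) at <incomplete> on eth0
"""
# Constructed baseline of known-good bindings (for example from DHCP or inventory).
BASELINE = {
    "10.1.1.1": "00:40:10:aa:bb:cc",   # the gateway's own address
    "10.1.1.20": "00:a0:c9:00:00:20",
    "10.1.1.21": "00:a0:c9:00:00:21",
    "10.1.1.30": "00:a0:c9:11:22:33",
}

ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def parse_arp(text):
    """Return {ip: mac} from `arp -an` output, skipping unresolved entries."""
    return {ip: mac.lower() for ip, mac in ENTRY.findall(text)}

def macs_claiming_many(cache, threshold=3):
    """Return {mac: [ips]} for every MAC bound to at least `threshold` IPs."""
    by_mac = defaultdict(list)
    for ip, mac in cache.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) >= threshold}

def baseline_mismatches(cache, baseline):
    """Return {ip: (expected_mac, seen_mac)} where the cache disagrees with the baseline."""
    return {ip: (baseline[ip].lower(), mac) for ip, mac in cache.items()
            if ip in baseline and baseline[ip].lower() != mac}

if __name__ == "__main__":
    cache = parse_arp(SAMPLE_ARP)
    for mac, ips in macs_claiming_many(cache).items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
    for ip, (want, seen) in sorted(baseline_mismatches(cache, BASELINE).items()):
        print(f"{ip}: expected {want}, cache shows {seen}")
```

A router doing proxy ARP on purpose will also trip the threshold check, so the baseline comparison is the stronger signal when one is available.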