Firewall Wizards mailing list archives

SonicWall update


From: Bill Stout <Bill.Stout () AristaSoft com>
Date: Wed, 15 Sep 1999 00:53:18 -0700


Update on SonicWall pains.

SonicWalls seem to have a problem when they're configured on a 10.x.x.x
network, and are deployed to same or other network.  They tend to want to
own all the local IPs.  It ends up becoming a real nasty D.O.S. against
internal systems, where the arp cache for many/most/all IPs show the
Ethernet address of the SonicWall.

This was triggered by an extranet server which could not access a local
server through its inside network, so it tried the outside network.  A
SonicWall configured with NAT and a VPN connected to the internal network
saw the access attempt to internal address, and it then claimed those
internal addresses, which appeared to trigger a cascade of 'Duplicate IP
address detected' messages on servers and desktops.  Clearing arp caches in
systems and switches took some time.  

This was not one of my happier days.

SonicWall states that this may have been caused by the application of the
box as a VPN device with maybe 5 max concurrent users across the link.
Although the licensing is good for 10 or 50 users, it does collectively
count all IP addresses that attempt to access it, possibly complicated by
the use of NAT.

More to follow.

Bill Stout
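The symptom Bill describes, one Ethernet address showing up against many/most/all IPs in the ARP cache, is easy to check for mechanically. The following is an added example, not code from the original post: it parses ARP-table lines in Linux `arp -n` style (the sample below is constructed, and the hoarding MAC `00:40:10:aa:bb:cc` is made up) and reports any hardware address that claims more than a threshold number of IPs.

```python
import re
from collections import defaultdict

# Constructed sample in `arp -n` style. The made-up MAC 00:40:10:aa:bb:cc
# plays the role of the device that has claimed several 10.x addresses.
SAMPLE_ARP_TABLE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.1.1.1                 ether   00:40:10:aa:bb:cc   C                     eth0
10.1.1.20                ether   00:0c:29:11:22:33   C                     eth0
10.1.1.21                ether   00:40:10:aa:bb:cc   C                     eth0
10.1.1.22                ether   00:40:10:aa:bb:cc   C                     eth0
10.1.1.23                ether   00:40:10:aa:bb:cc   C                     eth0
10.1.1.40                ether   00:50:56:44:55:66   C                     eth0
10.1.1.41                        (incomplete)                              eth0
"""

# Matches "<ipv4>  ether  <mac>"; header and incomplete entries do not match.
ARP_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+ether\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)

def _ip_key(ip):
    """Sort IPv4 strings numerically rather than lexically."""
    return tuple(int(octet) for octet in ip.split("."))

def parse_arp_table(text):
    """Return {mac: sorted list of IPs} from `arp -n` style output."""
    ips_by_mac = defaultdict(set)
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ips_by_mac[m.group("mac").lower()].add(m.group("ip"))
    return {mac: sorted(ips, key=_ip_key) for mac, ips in ips_by_mac.items()}

def find_ip_hoarders(text, max_ips_per_mac=1):
    """Return (mac, ips) pairs for MACs answering for more than
    max_ips_per_mac addresses, most addresses first. A router interface
    legitimately owns one address per subnet; one MAC answering for many
    hosts is the ARP-cache condition described in the post."""
    table = parse_arp_table(text)
    hoarders = [(mac, ips) for mac, ips in table.items() if len(ips) > max_ips_per_mac]
    return sorted(hoarders, key=lambda pair: -len(pair[1]))

if __name__ == "__main__":
    for mac, ips in find_ip_hoarders(SAMPLE_ARP_TABLE):
        print(f"{mac} claims {len(ips)} addresses: {', '.join(ips)}")
```

Run it against `arp -n` output from an affected host and switch ARP tables; a single MAC appearing against many addresses is the cascade of 'Duplicate IP address detected' messages seen from the ARP side.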


