Sonicwall 4100 wrong NAT
on 22.05.2007 08:53:33 by Burkhard Ott
Hello Group,
I discovered a problem with NAT on a Sonicwall 4100.
The Sonicwall is connected on the external address, 2 hosts are behind the
firewall.
Host A sends an icmp echo request to an external IP, the reply comes as
expected.
If I now start an icmp echo request from host B to the same external IP,
the expected reply comes and the reply which is usually for host A also
comes to host B. On the Sonicwall itself I sniffed via the included packet
trace and it all seems to be correct.
But the second reply on host B has the sequence number of the echo request
that was sent by host A, and by this time host A doesn't get any icmp reply
packets.
Does anyone have similar problems?
BTW: I have had an open ticket at sonicsupport for a week with no solution...
regards
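The symptom from the first post, turned into a capture check (an added example, not part of the original thread): given the echo requests and replies recorded on each LAN host, it lists replies delivered to a host that never sent the matching request, and requests that stayed unanswered. The host names, the address 198.51.100.7, the ICMP identifiers and all records are constructed sample data.

```python
from collections import namedtuple

# One ICMP echo packet as seen in a capture taken on a LAN host.
# kind is "request" (sent by host) or "reply" (received by host).
Pkt = namedtuple("Pkt", "host kind remote ident seq")

REMOTE = "198.51.100.7"  # constructed external address (documentation range)

# Constructed, time-ordered sample: once host B starts pinging the same
# remote, host A's replies arrive on host B and host A receives nothing.
CAPTURE = [
    Pkt("hostA", "request", REMOTE, 0x1A01, 1),
    Pkt("hostA", "reply",   REMOTE, 0x1A01, 1),
    Pkt("hostB", "request", REMOTE, 0x2B02, 101),
    Pkt("hostA", "request", REMOTE, 0x1A01, 2),
    Pkt("hostB", "reply",   REMOTE, 0x2B02, 101),
    Pkt("hostB", "reply",   REMOTE, 0x1A01, 2),    # belongs to host A
    Pkt("hostB", "request", REMOTE, 0x2B02, 102),
    Pkt("hostA", "request", REMOTE, 0x1A01, 3),
    Pkt("hostB", "reply",   REMOTE, 0x2B02, 102),
    Pkt("hostB", "reply",   REMOTE, 0x1A01, 3),    # belongs to host A
]

def audit(capture):
    """Return (misdelivered, unanswered) for a time-ordered capture.

    misdelivered: (receiving_host, host_that_sent_request_or_None, seq)
    unanswered:   (host, seq) for requests with no reply on that host
    """
    sent = {}          # host -> set of (remote, ident, seq) it requested
    answered = set()   # (host, remote, ident, seq) that got a reply
    misdelivered = []
    for p in capture:
        key = (p.remote, p.ident, p.seq)
        if p.kind == "request":
            sent.setdefault(p.host, set()).add(key)
        elif key in sent.get(p.host, set()):
            answered.add((p.host,) + key)
        else:
            # Reply does not match anything this host sent: find the owner.
            owner = next((h for h, ks in sent.items() if key in ks), None)
            misdelivered.append((p.host, owner, p.seq))
    unanswered = sorted((h, k[2]) for h, ks in sent.items()
                        for k in ks if (h,) + k not in answered)
    return misdelivered, unanswered

if __name__ == "__main__":
    wrong, missing = audit(CAPTURE)
    for host, owner, seq in wrong:
        print(f"{host} received reply seq={seq} that answers {owner}'s request")
    for host, seq in missing:
        print(f"{host} never received a reply for seq={seq}")
```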
Re: Sonicwall 4100 wrong NAT
on 28.05.2007 15:27:03 by Burkhard Ott
On Tue, 22 May 2007 06:53:33 +0000, Burkhard Ott wrote:
The problem only comes up with firmware 3.5.x, I've never seen more crap
like this.
If somebody thinks about buying sonicwall, be warned: you get better stuff
than sonicwall for the same money.
Re: Sonicwall 4100 wrong NAT
on 30.05.2007 15:06:28 by RedForeman
On May 28, 9:27 am, Burkhard Ott wrote:
> On Tue, 22 May 2007 06:53:33 +0000, Burkhard Ott wrote:
>
> The problem only comes up with firmware 3.5.x, I've never seen more crap
> like this.
> If somebody thinks about buying sonicwall, be warned: you get better stuff
> than sonicwall for the same money.
I've dealt with SonicWall numerous times, never had a real problem
that couldn't be fixed. Contact them and if the problem is theirs,
they will fix it. But then again, if you bought your 4100 second
hand, then you might have to spend a few bucks to get some support...
Re: Sonicwall 4100 wrong NAT
on 30.05.2007 16:43:15 by Burkhard Ott
On Wed, 30 May 2007 06:06:28 -0700, RedForeman wrote:
> On May 28, 9:27 am, Burkhard Ott wrote:
>> On Tue, 22 May 2007 06:53:33 +0000, Burkhard Ott wrote:
>>
>> The problem only comes up with firmware 3.5.x, I've never seen more crap
>> like this.
>> If somebody thinks about buying sonicwall, be warned: you get better stuff
>> than sonicwall for the same money.
>
> I've dealt with SonicWall numerous times, never had a real problem
> that couldn't be fixed. Contact them and if the problem is theirs,
> they will fix it. But then again, if you bought your 4100 second
> hand, then you might have to spend a few bucks to get some support...
Haha, Sonicwall is the worst crap I've ever seen.
We've bought all new stuff, 3x 4100 and 2x 5600, here are some examples of
what the technical support told me (3rd level engineer):
1. Problem: if you ping from 2 hosts (lan side), only one receives the icmp
packets for both, the regular reply and the reply for host 2.
2. RSA keylen >=4096 crashes the firewall, after a successful ssh login
the session will be closed and after the new connect you get a new hostkey
and the session will be closed.
3. IPSec VPN implementation is absolutely bogus, if you want more
information I can tell you really nice stories.
4. Sometimes the whole box crashes for no reason.
5. CFS filters even if it's switched off.
etc....
The technical support has no idea how to fix that, but they could see and
reproduce the problems as I described.
The support really needs more lessons on how IPSec works, they had no idea
how it works and told me total bullshit.
(They would like to filter phase2 network information via the firewall rules,
isn't that nice).
The result is, we bring the crap back.
Everybody be warned, keep your hands off sonicwall.
Re: Sonicwall 4100 wrong NAT
on 30.05.2007 21:21:55 by Burkhard Ott
On Wed, 30 May 2007 14:43:15 +0000, Burkhard Ott wrote:
> On Wed, 30 May 2007 06:06:28 -0700, RedForeman wrote:
>
>> I've dealt with SonicWall numerous times, never had a real problem
>> that couldn't be fixed. Contact them and if the problem is theirs,
>> they will fix it. But then again, if you bought your 4100 second
>> hand, then you might have to spend a few bucks to get some support...
I still have an addition, I discovered a bug on both sonicwalls (4100 and
5600). If you need ospf on 2 devices, let's say x0 and x1, then the ospfd
stops on all devices. The support (we use the highest level support) told
me yep, that's a bug, nothing else.
Whooohoo, a bug, and now? Nothing about fixing, nothing about a workaround
for how to deal with this.
The data throughput is incredibly slow, we're hooked up to a 100 Mbit line,
the maximum throughput was at the highest level 4 Mbit (that was a good
day), normally we get 1 Mbit.
With the laptop directly on the (external) line I have 100 Mbit and it
doesn't matter how many senseless *.iso files I download, the rate is
almost constant. The sonicsupport says "...even when content filtering is
switched off, it still works because it's deep inspection and the cpu
isn't used that much.." isn't that bullshit?
It's nice that you don't have such problems, I discovered all these bugs
on 5 sonicwalls, the support has been telling me the same crap for 3 weeks,
"yes can see the same problems, we will escalate to the engineers", that's it.
No, never sonicwall in my area of the datacenter!
Re: Sonicwall 4100 wrong NAT
on 31.05.2007 16:11:30 by RedForeman
On May 30, 3:21 pm, Burkhard Ott wrote:
> On Wed, 30 May 2007 14:43:15 +0000, Burkhard Ott wrote:
>
> > On Wed, 30 May 2007 06:06:28 -0700, RedForeman wrote:
>
> >> I've dealt with SonicWall numerous times, never had a real problem
> >> that couldn't be fixed. Contact them and if the problem is theirs,
> >> they will fix it. But then again, if you bought your 4100 second
> >> hand, then you might have to spend a few bucks to get some support...
>
> I still have an addition, I discovered a bug on both sonicwalls (4100 and
> 5600). If you need ospf on 2 devices, let's say x0 and x1, then the ospfd
> stops on all devices. The support (we use the highest level support) told
> me yep, that's a bug, nothing else.
> Whooohoo, a bug, and now? Nothing about fixing, nothing about a workaround
> for how to deal with this.
> The data throughput is incredibly slow, we're hooked up to a 100 Mbit line,
> the maximum throughput was at the highest level 4 Mbit (that was a good
> day), normally we get 1 Mbit.
> With the laptop directly on the (external) line I have 100 Mbit and it
> doesn't matter how many senseless *.iso files I download, the rate is
> almost constant. The sonicsupport says "...even when content filtering is
> switched off, it still works because it's deep inspection and the cpu
> isn't used that much.." isn't that bullshit?
> It's nice that you don't have such problems, I discovered all these bugs
> on 5 sonicwalls, the support has been telling me the same crap for 3 weeks,
> "yes can see the same problems, we will escalate to the engineers", that's it.
> No, never sonicwall in my area of the datacenter!
Got me... I only used it for simple installs... obviously your
situation is not as simple...
ymmv
RedForeman