Subscriber Discussion

Sonicwall Won't Connect To WAN Behind A Switch

Brian Elias
Jun 08, 2018

I'm working with a customer who has a camera system installed by a different vendor and it's configured for remote viewing.  Unfortunately, this is causing the customer (a retail store) to fail their PCI compliance scan due to open ports.

My suggestion was to purchase a second static IP from their WAN vendor (Verizon FiOS) and use 2 routers:  one for their POS system (an existing SonicWall) and a new router for their WiFi and camera access.  So the system would look like this:

Verizon FiOS ONT Box
              |
HP 1810-8g Switch
              |
    |--------------|
SonicWall     Netgear

The problem is that when I connect the SonicWall through the HP switch, the WAN port won't connect. When I set a laptop to the same static IP and plug it in to the same switch port on the HP, it connects fine and is able to pass data. As soon as I connect the SonicWall directly to the FiOS ONT, it works fine.

Here are a few more specifics:

SonicWall MTU:  1492
HP MTU:  Default (1500?)
HP Switch:  No VLANs set; LLDP disabled; jumbo frames off; port mirroring off; flow control off; green features off; loop protection off; advanced security off; no trunks configured; management port set to Port 8 on an unused subnet

Any help would be great. Thanks.

Mendy lewis
Jun 09, 2018
Safezone24

Did you try to default both the HP and the Sonicwall?

Brian Elias
Jun 10, 2018

The SonicWall is factory defaulted, but I haven’t defaulted the HP. Is there anything else I’m missing? It should work, right?

Mendy lewis
Jun 11, 2018
Safezone24

Check with a different router that you actually do get 2 separate public IPs from Verizon, then try to set the HP

Why not connect the Sonicwall directly to Fios to WAN?

Brian Elias
Jun 11, 2018

Yes - I have confirmed that I get 2 IPs.  I need the WAN switch to connect 2 routers to the single port from the Verizon ONT. 

John Bazyk
Jun 11, 2018
Command Corporation • IPVMU Certified

Can they just put it out in the DMZ so it doesn’t touch their network? 

This is one of the reasons we moved to Spectrum. No more dealing with PCI compliance. We just went through a major audit and passed with flying colors. 

(1)
Brian Elias
Jun 11, 2018

Hmm...not a bad idea with the DMZ but I like the extra layer of security of having a router between the DVR/VMS and the internet.  I'll be trying again with the HP switch this morning and I'll report back.  Thanks.

Undisclosed #1
Jun 11, 2018

If the laptop works but not the SonicWall, it could be that the link speed is set to autonegotiate on the laptop but not the router or something of that nature?

Undisclosed Manufacturer #2
Jun 11, 2018

Did you try also resetting the modem and booting it up with the switch and Sonicwall connected? Sometimes the modem will stick a MAC address assignment with one of the static IP addresses, and you have to reset the modem and boot it up with the needed connected devices to re-associate the MAC with the static IP address. 

You can also try statically setting the switch and WAN port of the router to 100 Mb/s full or half duplex and see if that works, if it's an auto-negotiation issue.

Jon Dillabaugh
Jun 11, 2018
Pro Focus LLC

Try a simple dumb switch instead of the HP switch. See if that works.

(2)
Brian Sharbowicz
Jun 11, 2018
IPVMU Certified

Try configuring the OPT port on the Sonicwall as a WAN port. The actual WAN port may be bad.

Carl Kristoffersen
Jun 12, 2018

Another option would be to drop the additional static IP and do a VPN.

Are they using a virtual terminal to do the CC processing?
