Bonedoc (Premium Member, joined 2001-06-19, Chino Valley, AZ)
2015-Jan-28 3:04 pm
Sonicwall TZ 215 and WinSCP

Hello, I have the above SW firewall in a private LAN set up to a Cableone modem. All connections work well; I have a UniFi AP hooked in to the firewall, and wireless through that is splendid.
However, a privately contracted provider of medical software has provided 11 laptops to my company and, while they show as perfectly connected wirelessly, they won't upload or download the 'data' from that company. The culprit "seems" (and they are just a company; cannot get much else from them just yet about 'other' such issues) to be WinSCP. A popup indicates it is being refused through our firewall. I have SSH allowed (and SWs seem to allow FTPs and so forth anyway without having to do much)... I've allowed their domain in our Content Filtering configuration, and so forth.
Anyone familiar with the TZ215... just not sure what else to do... thanks very much.
aguen (Premium Member, joined 2003-07-16, Grants Pass, OR)
2015-Jan-28 6:40 pm
Your description of the network topology between you and the destination is somewhat confusing, along with which port(s) you have opened up in/out on your side and on the destination side. Please clarify.
to Bonedoc
Do you have Gateway Anti-Virus, Anti-Spyware and/or IPS enabled? Have you checked the logs? SonicWalls come preconfigured to let everything outbound, but restrict inbound.
My guess is IPS is enabled and is blocking communication, but you'll need to provide more detail so we can actually narrow this down.
--CDM
AsherN (Premium Member, joined 2010-08-23, Thornhill, ON)
to Bonedoc
My guess is local firewall/AV. I've never seen SonicWall products pop up messages. The packets would just silently die at the firewall.

Bonedoc (Premium Member, joined 2001-06-19, Chino Valley, AZ)
to aguen
The SonicWall is in Prescott, AZ... the software vendor's servers are in Northern CA. I have not needed, in our other working TZ 215s, to specifically open any non-standard ports. I am not in front of the SW now but will check the port config; however, I am not recalling anything that jumped out as 'specially' restrictive. I will be back at the SonicWall this AM (Thursday). Thank you!

Bonedoc
to domnatr6
Yes, those services are active on the SonicWalls... And I will take a look at that this AM (normally I can remote in, but right now my own comms are down). BUT the part that is interesting is that six weeks ago none of these issues were occurring... actually the last week of '14. Now, since about the end of the first week in Jan, it is able to connect to all other vendors, internet, emails, etc., but suddenly this is not working... I will look more deeply into the IPS (see below for an explanation of the message). Thank you very much!

Bonedoc
to AsherN
Well, the 'pop up' is not SonicWall's; sorry, I should have clarified that. The popup window indicating a "failure to transfer WinSCP" is from within the 'vendor's' software interface. These machines measure 'brain waves'... record the data, and then at set times all the data is uploaded (and not, say, through a VPN or such, but "I" think it is acting like that, although the vendor has not been helpful in providing port numbers or specific protocols) and 'new' sessions are downloaded to be used by future clients.
So, and all these laptops have been provided by the vendor and are managed by the vendor remotely (yeah, I know), these machines 'can' connect to the internet, can surf (minimally, as that has been restricted by them) and have NO AV or AM on them... they all run off a single UniFi AP Ext device; there are 11 such laptops.
If I walk the laptop a few hundred yards to within one of our other 'SonicWall' protected networks (we have five TZ215s, all configured, to my knowledge, 'identically'), it CONNECTS and uploads and downloads immediately... we can go back to work.
I have sat next to two layouts of the two SonicWalls and checked each one for some difference and (while there must be one) I've not found it. I've opened up content filtering 'just in case' there is something in the domain, but I doubted it and it made no difference. FTP and SSH are all allowed out; will check inbound. Greatly appreciate the help.
Plug a laptop in via wire to the SonicWall; if it works, that should point to the UniFi.
to Bonedoc
Open up the SonicWall and start a packet capture. Get the IP address from one of the laptops, fill out all the information in the capture/monitor sections in the SonicWall, and start a capture. If everything is configured properly, you should see the packets. Are they consumed, dropped, etc.? You can click on the dropped packet and see more information below.
to Bonedoc
Agree with most of the posts so far... I'd add: "if you have a support contract with SonicWall, it may be worthwhile to get their assistance on this."
Another thought is to try another SCP client, just for chuckles.
My 00000010bits
Regards |
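The two suggestions above (run a packet capture and see whether the packets are consumed or dropped; try another SCP client) both come down to one question: what does the laptop actually see when it tries to open the SSH/SCP session? The following is an added example, not code from the thread or from SonicWall/WinSCP, that answers that question from the client side. It opens a TCP connection to the SCP port and classifies the outcome the way a firewall engineer would read a capture: a silent drop (SYN never answered, which is how AsherN describes a SonicWall block) shows up as a timeout, a TCP reset shows up as "refused", and a healthy path returns the server's SSH identification string. The vendor hostname is hypothetical and the local server is a constructed stand-in so the script runs offline.

```python
import socket
import threading
import time


def probe_ssh(host, port=22, timeout=5.0):
    """Open a TCP connection to host:port and read the first line back.

    Returns (status, detail). The status separates the failure modes that an
    SCP client reports as a single "connection failed":
      dns_failure           - name did not resolve
      timeout               - SYN never answered (a silent firewall drop)
      refused               - TCP RST (closed port, or a firewall that rejects)
      unreachable           - ICMP unreachable / no route
      connected_no_banner   - handshake completed but nothing came back in time
      connected_then_closed - handshake completed and the peer hung up at once
      ssh_banner            - an SSH identification string came back
      unexpected_banner     - something answered, but it is not an SSH server
    """
    try:
        addrs = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))
    family, socktype, proto, _, sockaddr = addrs[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except socket.timeout:          # must precede OSError: it is a subclass
        sock.close()
        return ("timeout", "no SYN/ACK within %.1fs" % timeout)
    except ConnectionRefusedError as exc:
        sock.close()
        return ("refused", str(exc))
    except OSError as exc:
        sock.close()
        return ("unreachable", str(exc))
    try:
        data = sock.recv(256)
    except socket.timeout:
        return ("connected_no_banner", "handshake ok, no data within %.1fs" % timeout)
    except OSError as exc:          # e.g. reset after the handshake
        return ("connected_then_closed", str(exc))
    finally:
        sock.close()
    if not data:
        return ("connected_then_closed", "peer closed without sending a banner")
    banner = data.decode("ascii", "replace").splitlines()[0].strip()
    if banner.startswith("SSH-"):
        return ("ssh_banner", banner)
    return ("unexpected_banner", banner)


def start_fake_ssh_server(banner=b"SSH-2.0-OpenSSH_7.4\r\n", hold=0.0):
    """Constructed stand-in for the vendor's SCP server, on 127.0.0.1.

    Sends `banner` to the first client; if `banner` is empty, it instead keeps
    the connection open for `hold` seconds and then closes it.
    Returns (port, stop_function).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
        except OSError:             # listener closed before anyone connected
            return
        with conn:
            if banner:
                conn.sendall(banner)
            else:
                time.sleep(hold)

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def find_closed_port():
    """Pick a loopback port nothing is listening on (bind, read it, release)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Local demonstration; on a real laptop point this at the vendor's SCP
    # endpoint instead (hypothetical: probe_ssh("scp.vendor.example", 22)).
    port, stop = start_fake_ssh_server()
    print("healthy path:      ", probe_ssh("127.0.0.1", port))
    stop()
    print("closed port (RST): ", probe_ssh("127.0.0.1", find_closed_port()))
    # 192.0.2.1 is a documentation address; expect "timeout" or "unreachable".
    print("black hole:        ", probe_ssh("192.0.2.1", 22, timeout=3.0))
```

Run it from one of the affected laptops against the vendor host and port, then from a laptop on one of the working TZ 215 networks. A "timeout" on the bad network and an "ssh_banner" on a good one is consistent with a drop at or beyond the firewall (and is what the SonicWall packet capture should then show as dropped packets); a "refused" or "connected_then_closed" on both networks points back at the vendor's server or a host-based control rather than the SonicWall.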
Bonedoc (Premium Member, joined 2001-06-19, Chino Valley, AZ)
to tomdlgns
Yes... I did do a capture. Set the IP to only the laptop we were working on (there are 11, however) and really only a few UDP packets were dropped... now of course if it was 'one' that was needed to complete the WinSCP connection, but I don't know... A tracert to the 'IP' of the 'server' running the software timed out... several times. Still an issue. Thanks for the help.
to Bonedoc
...may want to set that capture on the WAN interface of the SonicWall, or, if you have some way of putting a tap point outside of the SonicWall, like so: isp-->"sniffer"-->(WAN int) sonicwall tz215 (LAN int)
Regards
Bonedoc (Premium Member, joined 2001-06-19, Chino Valley, AZ)
2015-Feb-4 8:33 am
Yes... Will give this a shot and may well call SonicWall (Dell), as we do have a support agreement. As an aside, all five of our SonicWalls go through 'static IP' addresses to one ISP's network. A tracert from the 'bad' network hangs up three links out (never mind the IP addresses)... all the rest of the (4) routes 'do not even go there' (IP address completely different)... we've contacted GoDaddy (one of the IPs is theirs, in Phoenix, AZ), but I am rather surprised that there is a different route given all are coming from basically one geographic spot to the 'same' IP address in CA.
Thanks again.