Bonedoc
Premium Member
join:2001-06-19
Chino Valley, AZ

Sonicwall TZ 215 and WinSCP

Hello,
I've the above SW firewall in a private lan set up to a Cableone Modem. All connections work well, I've an Unifi AP hooked in to the firewall, wireless thru that is splendid.

However a privately contracted provider for medical software has provided 11 laptops to my company and, while they show perfectly connected wirelessly, they won't upload or download the 'data' from that company. The culprit "seems" (and they are just a company, cannot get much else from them just yet about 'other' such issues) to be WinSCP. A popup indicates it is being refused thru our firewall. I have ssh allowed (and SWs seem to allow FTPs and so forth anyway without having to do much)... I've allowed their domain in our Cont filtering configuration, so forth.

Anyone familiar with the TZ215... just not sure what else to do... thanks very much
aguen
Premium Member
join:2003-07-16
Grants Pass, OR

Your description of the network topology between you and the destination is somewhat confusing, along with what port(s) you have opened up in/out on your side and the destination side. Please clarify.

domnatr6
join:2001-03-06
Kyle, TX

domnatr6 to Bonedoc

Member

Do you have Gateway antivirus, antispyware and/or IPS enabled? Have you checked the logs? SonicWalls come preconfigured to let everything outbound, but restrict inbound.

My guess is IPS is enabled and is blocking communication, but you'll need to provide more detail so we can actually narrow this down.

--CDM
AsherN
Premium Member
join:2010-08-23
Thornhill, ON

AsherN to Bonedoc

My guess is local firewall/AV. I've never seen SonicWall product popup messages. The packets would just silently die at the firewall.
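The distinction this reply relies on (an active refusal versus packets that silently die) can be checked from one of the affected laptops. The following is an added example, not part of the original thread: it classifies a single outbound TCP attempt and reads the SSH banner that an SFTP/SCP server sends first. The vendor's host and port are not given in the thread, so the demo runs against a constructed local listener; the helper names are hypothetical.

```python
import socket
import threading

def probe_tcp(host, port, timeout=3.0):
    """Classify one outbound TCP attempt as ssh / connected / refused / timeout / error."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: some device answered and actively rejected the connection.
        return ("refused", "RST received")
    except socket.timeout:
        # Nothing came back at all: consistent with a silent drop somewhere on the path.
        return ("timeout", "no reply to SYN")
    except OSError as exc:
        # DNS failure, no route, ICMP unreachable and similar.
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(255)  # SSH servers send their version string first
        except socket.timeout:
            return ("connected", "handshake completed, no banner received")
        except OSError as exc:
            return ("error", str(exc))
    text = banner.decode("ascii", "replace").strip()
    if text.startswith("SSH-"):
        return ("ssh", text)
    return ("connected", text or "peer closed without sending a banner")

def start_banner_listener(banner):
    """Constructed stand-in for the vendor's server: sends one banner, then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_local_port():
    """Return a loopback port with nothing listening, to demonstrate 'refused'."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe_tcp("127.0.0.1", start_banner_listener(b"SSH-2.0-ConstructedExample\r\n")))
    print(probe_tcp("127.0.0.1", closed_local_port()))
```

Running the same probe from the failing network and from one of the working ones, against the real server address, shows whether the two paths differ at the TCP handshake or only later in the session.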
Bonedoc
Premium Member
join:2001-06-19
Chino Valley, AZ

Bonedoc to aguen

The SonicWall is in Prescott, AZ... the software vendor's servers are in Northern CA.
I have not needed, in our other working TZ 215s, to specifically open any non-standard ports. I am not in front of the SW now but will check port config however not recalling anything that jumped out as 'specially' restrictive.
I will be back at the Sonicwall this AM (Thursday).
Thank you!
Bonedoc

Bonedoc to domnatr6

Yes, those services are active on the sonicwalls...
And I will take a look at that this AM (normally can remote but right now my own comms are down) BUT the part that is interesting is that six weeks ago none of these issues were occurring... actually the last week of '14. Now since about the end of the first week in Jan it is able to connect to all other vendors, internet, emails, etc, but suddenly this is not working...
I will look more deeply into the IPS (see below for explanation of the message).
Thank you very much!
Bonedoc

Bonedoc to AsherN

Well, the 'pop up' is not Sonicwall's, sorry, should have clarified that. The popup window indicating a "failure to transfer WinSCP" is from within the 'vendors' software interface.
These machines measure 'brain waves'... record the data and then at set times all the data is uploaded (and not, say, thru a VPN or such but "I" think it is acting like that although the vendor has not been helpful in providing port numbers or specific protocols) and 'new' sessions are downloaded to be used by future clients.

So, and all these laptops have been provided by the vendor and are managed by the vendor remotely (yeah, I know), these machines 'can' connect to the internet, can surf (minimally as that has been restricted by them) and have NO AV or AM on them ... they all run off a single Unifi AP Ext device, there are 11 such laptops.

If I walk the laptop a few hundred yards to within one of our other 'Sonicwall' protected (we have five TZ215s - all configured to my knowledge 'identically') networks, CONNECTS and uploads, downloads immediately... we can go back to work.

I have sat next to two layouts of the two Sonicwalls, checked each one for some difference and (while there must be) I've not found it.
I've opened up content filtering 'just in case' there is something in the domain but I doubted it and it made no difference. FTP and SSH, all allowed out, will check inbound.
Greatly appreciate the help
LittleBill
join:2013-05-24


Member

plug a laptop in via wire to the sonic, if it works, should point to the unifi
tomdlgns
Premium Member
join:2003-03-21

tomdlgns to Bonedoc

open up the sonicwall and start a packet capture. get the IP address from one of the laptops and fill out all the information on the capture/monitor sections in the sonicwall and start a capture. if everything is configured properly, you should see the packets. are they consumed, dropped, etc...? you can click on the dropped packet and see more information, below.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Bonedoc

Agree with most of the posts so far... I'd add "if you have a support contract with
Sonicwall, may be worthwhile to get their assistance on this."

Another thought is to try another SCP client, just for chuckles.

My 00000010bits

Regards
Bonedoc
Premium Member
join:2001-06-19
Chino Valley, AZ

Bonedoc to tomdlgns

Yes... did do a capture.
Set the IP to only the laptop we were working on (there are 11 however) and really only a few UDP packets dropped... now of course if it was 'one' that was needed to complete the WinSCP connection but I don't know...
A tracert to the 'ip' of the 'server' running the software timed out... several times. Still an issue.
Thanks for the help.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Bonedoc

...may want to set that capture on the WAN interface of the sonicwall -- or if you have some way of putting a tap point outside of
the sonicwall like so

isp-->"sniffer"-->(WAN int) sonicwall tz215 (LAN int) 
 

Regards
Bonedoc
Premium Member
join:2001-06-19
Chino Valley, AZ

Yes...
Will give this a shot and may well call SonicWall (Dell) as we do have a support agreement.
As an aside, all five of our Sonicwalls go thru 'static ip' addresses to one ISP's network.
A tracert from the 'bad' network hangs up three links out (never mind the ip addresses)... all the rest of the (4) routes 'do not even go there' (IP address completely different)... we've contacted GoDaddy (one of the IPs is theirs in Phoenix, AZ) but I am rather surprised that there is a different route given all coming from basically one geographic spot to the 'same' IP address in CA.

Thanks again.