Jump to content


Photo

Sonicwall Packets and Lavasoft Firewall


  • This topic is locked This topic is locked
4 replies to this topic

#1 Marrach

Marrach

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 21 May 2010 - 06:12 AM

We just installed a Sonicwall Firewall device-- and My PC has Lavasoft Firewall personal edition.

The problem begins when the Sonicwall sends what looks like a Mac address Ping to the PC. The Lavasoft Firewall responds in the PACKET LOG by saying the following:

BLOCKED | 00-11-22-33-44-55-66 -> 00-11-22-33-44-55-66 packet received | No Rule

The MAC address will be the same on both sides of the arrow-- and the MAC address will be MY PC's address.

This MAC address is set-up in the Sonicwall to assign me an IP address. But the way the Sonicwall works, it must 'ping' my PC and get a response in order for it to allow me access to the Internet. So long as the Lavasoft firewall BLOCKS this packet ping, I can see the LAN, but I can not get out to the WAN.

How do I formulate a rule to allow the Sonic wall to packet-ping my MAC address?

Thanks

#2 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 23 May 2010 - 09:56 AM

Here's a link to the users manual:

http://www.lavasoft....ll_3_manual.pdf

If you don't find an answer there, you should contact Lavasoft Customer Support via the link in my signature.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#3 Marrach

Marrach

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 25 May 2010 - 05:00 PM

Here's a link to the users manual:

http://www.lavasoft....ll_3_manual.pdf

If you don't find an answer there, you should contact Lavasoft Customer Support via the link in my signature.


I looked through the manual-- it only tells you how the Firewall protects against ARP packets-- but it doesn't give any idea as to how to formulate a rule to allow it under particular circumstances

Additionally-- When I plug my laptop which has Lavasoft Firewall version 1 installed-- the ARP blocking does not occur and the Sonicwall allows me to go to the internet.

I posted a formal question to the Support Desk and am still waiting for answer. And I am researching ARP while I'm at it.

#4 Ad Astra

Ad Astra

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 881 posts

Posted 27 May 2010 - 07:48 PM

Hi

Could you compare the Firewall settings on the PC and Laptop and see if any of these are different:

Select Settings > Firewall > Network rules then click System-Wide rules then select low-level rules Is Block IGMP the same on both laptop and PC?

Select Settings > Firewall > Network rules then click ICMP settings. Are "Echo Reply", "Echo Request", "Router Solication" settings the same on both laptop and PC?

#5 Marrach

Marrach

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 01 June 2010 - 07:11 PM

Hi

Could you compare the Firewall settings on the PC and Laptop and see if any of these are different:

Select Settings > Firewall > Network rules then click System-Wide rules then select low-level rules Is Block IGMP the same on both laptop and PC?

Select Settings > Firewall > Network rules then click ICMP settings. Are "Echo Reply", "Echo Request", "Router Solication" settings the same on both laptop and PC?


Thanks for your reply-- and yes, I did reset all the ICMP and IGMP settings and more. I even UNINSTALLED Lavasoft and found the problem remained.

The answer was in the SONICWALL.

Somehow, while setting up the Sonicwall, when my PC was plugged into the main LAN control port of the Sonicwall, the Sonicwall took the MAC address of my PC and substituted it for the Default Hardware MAC Address of the router. It seems the Sonicwall and other enterprise level routers have the capability for the User to select/create a separate MAC address for the device other than the one wired to the hardware.

Thus, when my PC reconnected-- First Lavasoft perceived a MAC scan from the Sonicwall from a Device that had the same MAC address as the PC it was protecting-- Thus the Lavasoft reacted to it as an Attack and closed off the connection.

And on the Sonicwall side, duplicate identical MAC addresses prevented my PC from accessing the Internet/WAN.

The Lesson of the day-- Sonicwall is NOT like the general consumer based Router Firewalls. You will need to go through EVERY control interface one by one and look for any discrepancies, particularly the ones from the Log Files that seem to point AT Lavasoft.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users