Installing a new firewall always presents a challenge. In this case it was our ERP client, SBClient, timing out after 15 minutes of inactivity across the VPN. I started with the excellent SonicWall VPN troubleshooting guide.
Running Wireshark on the client, I see an RST packet coming from the ERP server at 15:01, which corresponds to a 15-minute timeout on TCP connections over the VPN. I modified four rules, LAN => VPN and the reciprocal on the SonicWalls at both ends, to use 60-minute TCP timeout values. Here you can see a reset packet when properly closing our ERP client. The timeout reset packets do not have the ACK flag set; they are bare RST packets (flags 0x4). These are actually being generated by the SonicWall.
One gotcha that I fell into was the modification of the firewall access rules. You must modify both the LAN => VPN and the VPN => LAN rules on both sides. The TCP timeout value is set on each rule's Advanced tab.
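To pick the timeout resets out of a capture without scrolling through Wireshark, the check described above (a bare RST with flags 0x4 arriving after a long idle gap) can be scripted. This is an added example, not part of the original post; the addresses, ports and packets are constructed, and the 0x14 RST+ACK used for the normal close is an assumption.

```python
import struct

RST, ACK = 0x04, 0x10

def tcp_flags(ip_packet: bytes) -> int:
    """Return the TCP flag byte from a raw IPv4 packet (no link-layer header)."""
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ip_packet[9] != 6:                    # protocol 6 = TCP
        raise ValueError("not a TCP packet")
    return ip_packet[ihl + 13]               # flags sit at TCP header offset 13

def flow_key(ip_packet: bytes):
    """Direction-independent key identifying the TCP connection."""
    ihl = (ip_packet[0] & 0x0F) * 4
    src, dst = ip_packet[12:16], ip_packet[16:20]
    sport, dport = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    return tuple(sorted([(src, sport), (dst, dport)]))

def find_idle_resets(capture, idle_seconds=900):
    """Return (timestamp, idle_gap) for each bare RST (no ACK) that arrives
    after its flow has been silent for at least idle_seconds."""
    last_seen, hits = {}, []
    for ts, pkt in capture:
        key, flags = flow_key(pkt), tcp_flags(pkt)
        gap = ts - last_seen.get(key, ts)
        if flags & RST and not flags & ACK and gap >= idle_seconds:
            hits.append((ts, gap))
        last_seen[key] = ts
    return hits

def _pkt(src, dst, sport, dport, flags):
    """Build a constructed 40-byte IPv4+TCP packet (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
    return ip + tcp

# Constructed sample capture: (seconds, raw packet). Hosts and ports are made up.
CLIENT, SERVER = (10, 0, 1, 20), (10, 0, 2, 5)
SAMPLE = [
    (0.0,    _pkt(CLIENT, SERVER, 50000, 4000, 0x18)),  # PSH+ACK, last app data
    (901.0,  _pkt(SERVER, CLIENT, 4000, 50000, 0x04)),  # bare RST at 15:01 idle
    (1000.0, _pkt(CLIENT, SERVER, 50001, 4000, 0x18)),  # second session
    (1005.0, _pkt(SERVER, CLIENT, 4000, 50001, 0x14)),  # RST+ACK, normal close
]

if __name__ == "__main__":
    for ts, gap in find_idle_resets(SAMPLE):
        print(f"bare RST at t={ts:.0f}s after {gap:.0f}s idle")
```

After raising the rule timeout to 60 minutes, passing `idle_seconds=3600` shows whether the resets have moved to the new boundary or stopped.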