Thursday, July 8, 2010

Sonicwall troubleshooting with SBClient over VPN

Installing a new firewall always presents a challenge. In this case it was our ERP client, SBClient, timing out after 15 minutes of inactivity across the VPN. I started with the excellent SonicWall VPN troubleshooting guide:

http://www.sonicwall.com/downloads/site_to_site_vpn_troubleshooting_on_sonicwall_security_appliances.pdf

Running Wireshark on the client, I see a RST packet coming from the ERP server at 15:01, which corresponds to a 15-minute timeout on TCP connections over the VPN connection. I modified four rules, LAN->VPN and the reciprocal on the SonicWalls at both ends, to use 60-minute TCP timeout values. Here you can see a reset packet when properly closing our ERP client. The timeout reset packets do not have the ACK flag set on them; they are only a 0x4 RST packet. These are actually being generated by the SonicWall.

image
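To make the RST comparison above repeatable, here is an added example (not code from the original post) that reads TCP flag bytes and separates a bare 0x4 RST arriving after a silent period from the RST/ACK seen on a normal close. The addresses, ports, function names and the 900-second threshold are assumptions chosen to mirror the 15-minute timeout described here.

```python
import struct

RST, ACK, PSH = 0x04, 0x10, 0x08

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def parse_tcp(raw):
    """Return (source port, destination port, flag bits) from a raw TCP header."""
    sport, dport, _seq, _ack, _offset, flags = struct.unpack("!HHIIBB", raw[:14])
    return sport, dport, flags & 0x3F

def classify_resets(packets, idle_timeout=900):
    """Label each RST by its flags and by how long the flow was silent before it.

    packets: iterable of (seconds, src_ip, dst_ip, raw_tcp_header), in time order.
    """
    last_seen, findings = {}, []
    for ts, src, dst, raw in packets:
        sport, dport, flags = parse_tcp(raw)
        flow = frozenset([(src, sport), (dst, dport)])  # same key for both directions
        if flags & RST:
            idle = ts - last_seen[flow] if flow in last_seen else None
            if flags & ACK:
                verdict = "rst-ack"        # what the post saw on a normal client close
            elif idle is not None and idle >= idle_timeout:
                verdict = "idle-timeout"   # bare 0x4 RST after a silent period
            else:
                verdict = "bare-rst"
            findings.append((src, flags, idle, verdict))
        last_seen[flow] = ts
    return findings

# Constructed capture: addresses and ports are made up for illustration.
CLIENT, CLIENT2, SERVER = "10.0.1.20", "10.0.1.21", "10.0.2.10"
SAMPLE = [
    (0,   CLIENT,  SERVER, tcp_header(50412, 4000, PSH | ACK)),
    (1,   SERVER,  CLIENT, tcp_header(4000, 50412, ACK)),
    (5,   CLIENT2, SERVER, tcp_header(50500, 4000, PSH | ACK)),
    (7,   CLIENT2, SERVER, tcp_header(50500, 4000, RST | ACK)),
    (901, SERVER,  CLIENT, tcp_header(4000, 50412, RST)),  # 15:01 into the capture
]

if __name__ == "__main__":
    for src, flags, idle, verdict in classify_resets(SAMPLE):
        print(f"RST from {src} flags=0x{flags:02x} idle={idle}s -> {verdict}")
```

In Wireshark itself, the display filter `tcp.flags.reset == 1 && tcp.flags.ack == 0` isolates the same bare resets. The source address on such a packet is the server's even when a device in the path generated it, so the idle gap is the more useful clue.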

One gotcha that I fell into was the modification of the firewall access rules. You must modify both the LAN => VPN and the VPN => LAN rules on both sides. Modify the TCP timeout values on the Advanced tab.

image
