

My Sonicwall TZ200 is Killing My Internet Speed

I have a fairly sophisticated setup for my Sonicwall TZ200. I have 3 internet connections: 1) A traditional T1 @ 1.544mbps, 2) AT&T DSL at 6mbps, and 3) Comcast at 24mbps.

I've played with various load balancing schemes, but what has worked best, until recently, is a simple failover system where all my outbound traffic goes out and comes in via Comcast, my email traffic uses the T1, and the AT&T connection acts as a backup connection.

When I tried some percentage based stuff, it worked, but when some users reported the connections being slow, it was always hard to tell who (which connection) was responsible.

Anyway, things were going swimmingly until just a few weeks ago when users began complaining about connections being really slow.

We had been making some changes recently because the TZ200 had been freezing up and Sonicwall had me redo the entire configuration by hand because of that. That issue turned out to be because we were using the DHCP server in the Sonicwall and that didn't cooperate with our Sonicpoint setup. The Sonicpoint would freeze up and stop shipping traffic for no reason. As soon as we moved the DHCP server to a Windows Server and shut that down, our Sonicpoint problem went away.

(I digress again...)

Anyway, after that, things had gone very well until, suddenly a few weeks ago, the performance on the wired network was just horrible! We are supposed to be getting 24mbps down from the Comcast connection, but we were lucky to get 10% of that. Our ping times were horrible at 500 to 1000 msec instead of the usual 20 or 30 msec.

Well, as sometimes happens, it took a lot of serious investigation to finally figure out what was wrong...

Isolating a Load Balanced Connection on a Sonicwall

When we were having problems testing the Comcast modem for problems, we also had some issues with testing. Whenever we tested the load balanced connection, we were never sure what connection things would go out on.

If you want to force the Sonicwall to route a particular device's traffic to a particular interface (ignoring load balancing's randomness or Sonicwall's route optimizations), then you need to create a routing rule. The rule overrides everything (until you delete the rule)...

Sonicwall and Sonicpoint Keep Killing My TCP Connections to Databases

I have a client that upgraded, due to some other issues, to a Sonicpoint wireless access point that directly connects to their Sonicwall firewall.

This solved a lot of problems, but one of the problems that lingered was that their database connections would get cut off at seemingly random times.

It wasn't one application, either. It was their connection to a PostgreSQL database and a different program connecting to a FileMaker (Pro) server.

It took some real "sitting down" diagnostics to test this. Here's how I solved it...

False IP Spoofing Errors on Load Balanced Sonicwall

I have a Sonicwall TZ200 with 3 internet connections that are set up to be load balanced. The internet connections are from 3 different providers providing a T1, an 8mb DSL, and a 24mb cable connection.

Connection A: T1 with public services behind a NAT firewall
Connection B: DSL
Connection C: Cable

Everything is peachy and load balancing works.

However, I wanted to set up a WLAN that didn't touch any of my primary network. The idea was to use this WLAN for guests. I could give them access to that and not worry about them having access to my internal resources, killing my DHCP addresses with their previously-assigned-home-addresses, or infecting the rest of my network with some lame malware.

Connection A: T1 with public services behind a NAT firewall
Connection B: DSL
Connection C: Cable <- Attached Router with WLAN

I picked up a nice industrial style wireless router and wired it to my cable modem. The cable modem has a static IP address range assigned to it. I let the wireless router pull an internal address from the cable modem, though, and I was up and running.

The only thing was, whenever I tried to access the publicly available services behind my primary IP address (the NAT'ed devices on my business network), the Sonicwall would tag the traffic from my new WLAN as an IP SPOOF attempt and block it.

See, the Sonicwall looks at traffic coming in from Connection A and sees Connection C's IP address on it. Figuring that can't be (X1 should not be getting traffic from X3), the Sonicwall protects me. But I don't want that!

I tried a couple of things, like manually routing traffic to the direct connected port and a few other things, and a little Googling did little for me.

The ultimate solution turned out to be kind of elegant...
