Archive for 'SonicWall'

When Windows Vista Business computers are using Linksys or Atheros wireless cards, it may become impossible to locate the SSID names for SonicPoint or SonicWALL appliances. The solution to this issue is to ensure the SSID beacon is not hidden and the interval is configured to 400 milliseconds or less on the SonicWALL UTM appliance. Follow these steps to check and modify this setting as needed.

SonicWALL TZ Series Wireless Appliances Running SonicOS Enhanced or Standard

  1. Select Wireless > Advanced.
  2. Make sure the Hide SSID in Beacon checkbox is disabled.
  3. Set the value in the Beacon Interval (milliseconds) field to 400 or less.
  4. Click Apply changes to this page.

SonicPoint Profiles

  1. Select SonicPoint > SonicPoints.
  2. Click the Edit icon next to the profile representing the SonicPoint(s) to which the Mac Book users are attempting to associate.
  3. Select the 802.11g Adv tab.
  4. Make sure the Hide SSID in Beacon checkbox is disabled.
  5. Set the value in the Beacon Interval (milliseconds) field to 400 or less.
  6. Click OK.
  7. Click the Synchronize SonicPoints button to push the configuration change out to all governed SonicPoints.

Note: The SSID Beacon Interval may be configured on a SonicWALL TZ Series wireless appliance or a SonicPoint profile, but not at the Virtual Access Point level. Beacon Intervals configured for SonicPoint profiles apply to all VAPs. Set Beacon Intervals to a workable value that is as high as possible when VAPs are in use.

Online

Computers/laptops that are associated with the WLAN zone of the firewall are unable to print to a wireless printer on the WLAN Zone.

Firmware

SonicOS Enhanced 3.0 and above, 4.0, 5.0.

Platforms

All SonicPoints, NSA, PRO, TZ series (except TZ 50 and TZ 150)

Resolution or Workaround

By default, SonicWALL blocks inter-client communication on the Wireless Zone as a security measure. Therefore, wireless devices cannot communicate with each other.

Wireless printers use different ports for receiving print jobs from users (e.g. most printers use standard port 9100, TCP and UDP). Opening the necessary printer ports from WLAN to WLAN enables client-to-printer communication. If you are not sure which ports are needed, you can use the “ANY” service, take packet captures to find out which ports are being used, and then restrict access to only those ports.

Note: Please contact your printer manufacturer to know the exact port numbers used by your printer.

Follow these steps to add an access rule that allows the communication:

1) Log in to the SonicWALL appliance and go to Firewall > Access Rules.
2) Select Matrix Style Viewing and select WLAN > WLAN.
3) Click the Add button and configure the following:

Action: Allow
From Zone: WLAN
To Zone: WLAN
Service: The custom created Service for printing (Usually TCP & UDP port 9100 is used)
Source: Any
Destination: The address object for the printer on the WLAN
Users Allowed: All
Schedule: Always on
Comment: Add a comment that gives the purpose of the rule (Eg: Print from WLAN to WLAN)

4) Click OK to add this rule.
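
The narrowing step described above (start with the “ANY” service, capture, then restrict to the ports actually seen) can be done mechanically. The following is an added example, not part of the original article: the flow records, the printer address 172.16.32.50 and the function names are constructed for illustration. It counts only traffic sent towards the printer, so the printer's replies to clients' ephemeral ports do not end up in the service list.

```python
import ipaddress
from collections import Counter

# Constructed flow summary, as might be exported from a packet capture taken
# while the temporary "Any" rule was in place: src sport dst dport proto.
SAMPLE_FLOWS = """\
172.16.32.21 51514 172.16.32.50 9100 tcp
172.16.32.22 49822 172.16.32.50 9100 tcp
172.16.32.50 9100 172.16.32.21 51514 tcp
172.16.32.21 60211 172.16.32.50 161 udp
172.16.32.21 51520 172.16.32.50 9100 tcp
172.16.32.23 50001 172.16.32.77 445 tcp
malformed line
"""

PRINTER = "172.16.32.50"  # hypothetical printer address on the WLAN subnet


def observed_printer_services(flow_text, printer_ip, min_hits=1):
    """Return sorted (proto, port) pairs that clients used towards the printer."""
    printer = ipaddress.ip_address(printer_ip)
    hits = Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip anything that is not a complete record
        src, sport, dst, dport, proto = parts
        try:
            if ipaddress.ip_address(dst) != printer:
                continue  # printer replies and unrelated hosts are ignored
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        hits[(proto.lower(), port)] += 1
    return sorted(key for key, count in hits.items() if count >= min_hits)


def service_objects(pairs):
    """Render the pairs as names for the custom services to create."""
    return [f"{proto.upper()} {port}" for proto, port in pairs]


if __name__ == "__main__":
    for svc in service_objects(observed_printer_services(SAMPLE_FLOWS, PRINTER)):
        print("allow WLAN > WLAN to printer:", svc)
```

Raising min_hits filters out one-off probes so that only ports used repeatedly make it into the replacement for the “ANY” rule.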

Online

Computers/laptops that are associated with the wireless zone of a SonicWALL UTM appliance running SonicOS Enhanced firmware are unable to send print jobs to a printer on the LAN. Similarly, wireless devices associated with a SonicPoint (which in turn is connected to one of the TZ/PRO/NSA firewalls) are unable to send print jobs to a printer on the LAN.

Resolution or Workaround

By default, SonicWALL blocks traffic from Wireless to LAN, so wireless devices will not be able to communicate with the printer on the LAN zone.

Printers use various ports for receiving print jobs from users (e.g. most printers use standard port 9100, TCP and UDP). Opening the printer port (e.g. port 9100) from the WLAN to the LAN zone resolves the issue.

Follow these steps to add an Allow rule from WLAN to LAN:

1) Log in to the SonicWALL appliance and go to Firewall > Access Rules.
2) Select Matrix Style Viewing and select WLAN > LAN.
3) Click the Add button and configure the following:

Action: Allow
From Zone: WLAN
To Zone: LAN
Service: The custom created port for printing (Usually TCP & UDP port 9100 is used)
Source: Any
Destination: The address object for the printer on the LAN
Users Allowed: All
Schedule: Always on
Comment: Add a comment that gives the purpose of the rule (Eg: Print from WLAN to LAN)
 

4) Click OK to add this rule.

Alternatively, attach the printer to a Windows server or PC and use printer sharing.

Note: Please contact your printer manufacturer to know the exact port numbers used by your printer.

Online

NetBIOS is required to allow Windows operating systems to browse for resources on a network (eg: LAN/DMZ/WLAN, etc.).  

Two steps are needed to resolve this issue:

Step 1: Modify the existing WLAN to LAN Deny access rule to Allow.
Step 2: Add an IP Helper Policy for NetBIOS.

In SonicOS Enhanced the IP Helper feature helps broadcast/multicast packets to cross a firewall’s interface and be forwarded to other interfaces based on policy. IP Helper NetBIOS Policy allows you to forward NetBIOS broadcasts from one interface to another interface. The IP Helper NetBIOS relay acts specifically on UDP 137 (NetBIOS Name Service) and UDP 138 (NetBIOS Datagram) broadcast traffic to enable broadcast node (b-node) style name resolution (e.g. Network Neighborhood) across subnet boundaries.

Scenario:

In the following scenario the X0 interface is configured in the LAN zone with IP address 192.168.168.168/24 and the X2 interface is configured in the WLAN zone with an IP address 172.16.32.1/24.


Resolution:
  

Step 1: Modify the existing WLAN to LAN Deny access rule to Allow. 

Note: Traffic from the wireless network to the wired network (LAN) is blocked by default. However, users can change this restriction by changing the default rule on the SonicWALL UTM appliance. This lets them allow either all or some traffic between the wireless and wired networks.

1. Log in to the SonicWALL management interface.
2. On the Firewall > Access Rules page, display the WLAN > LAN access rules.

3. Click on the configure button on the far right side of the rule.

4. Change the Action from Deny to Allow.

 

5. Click OK.

Step 2: Add an IP Helper Policy for NetBIOS from WLAN to LAN subnets and vice versa.

 

 

1.  Login to the Sonicwall management interface.
2.  Navigate to the Network > IP Helper page.
3.  Select the Enable IP Helper checkbox and click Apply.
4.  Select the Enable NetBIOS Support checkbox and click Apply.
5.  Click the Add button below the IP Helper Policies table. The Add IP Helper Policy window is displayed.
6.  Select NetBIOS from the Protocol menu.
7.  Select WLAN Subnets from the From menu.
8.  Select LAN Subnets from the To menu.
9.  Enter an optional comment in the Comment field.
10. Click OK to add the policy to the IP Helper Policies table.
 

Please Note: Follow the above mentioned steps and create another policy from LAN to WLAN subnets.

Conclusion:

With these policies in place Wireless clients will be able to connect to the LAN segment using NetBIOS names and browse shared resources. Likewise, wired computers on the LAN segment will be able to connect to the wireless clients using NetBIOS names.
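
Why both steps are needed can be shown with the scenario's addresses. The following is an added example, not part of the original article and not SonicOS code: it is a simplified model in which the function name, the client 172.16.32.21, the server 192.168.168.10 and the sample packets are constructed. NetBIOS name-resolution broadcasts depend on the IP Helper policy, while the unicast session that follows is judged by the WLAN > LAN access rule.

```python
import ipaddress

# Interfaces from the scenario: X2 = WLAN 172.16.32.1/24, X0 = LAN 192.168.168.168/24.
WLAN = ipaddress.ip_network("172.16.32.0/24")
LAN = ipaddress.ip_network("192.168.168.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
NETBIOS_UDP = {137: "NetBIOS Name Service", 138: "NetBIOS Datagram"}


def handled_by(src, dst, proto, dport, from_net=WLAN, to_net=LAN):
    """Say which of the two steps a packet depends on (simplified model)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in from_net:
        return "out of scope"
    if dst in (from_net.broadcast_address, LIMITED_BROADCAST):
        if proto == "udp" and dport in NETBIOS_UDP:
            return "ip helper policy"   # Step 2: relayed to the other subnet
        return "stays on local subnet"  # other broadcasts are not relayed by this policy
    if dst in to_net:
        return "access rule"            # Step 1: unicast is judged by WLAN > LAN rules
    return "out of scope"


# Constructed packets from a wireless client (hypothetical hosts).
SAMPLES = [
    ("172.16.32.21", "172.16.32.255", "udp", 137),    # name query broadcast
    ("172.16.32.21", "255.255.255.255", "udp", 138),  # browse datagram
    ("172.16.32.21", "192.168.168.10", "tcp", 445),   # file-sharing session to the resolved host
    ("172.16.32.21", "172.16.32.255", "udp", 9999),   # unrelated broadcast
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", handled_by(*pkt))
```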

Some troubleshooting considerations:

1. Make sure the wireless client and the computer being accessed have File and Printer Sharing enabled under Network Adapter Properties.
2. Make sure the Windows Firewall or any other Personal Firewall/Anti-virus application is disabled.
3. On the wireless network adapter enable NetBIOS over TCP/IP. (Refer: http://technet.microsoft.com/en-us/library/bb727013.aspx)

Online

In all Sonicwall UTM Firewall appliances, traffic from the wireless network (WLAN) to the wired network (LAN/DMZ) is blocked by default. However, in certain cases wireless computers may need to access a server or a printer on the LAN/DMZ network segment. This can be accomplished by changing the default Deny rule to an Allow rule.
Procedure:

1. Log in to the Sonicwall management interface
2. Navigate to the Firewall > Access Rules page
3. Open the WLAN to LAN page.

4. Click on the configure button on the far right side of the rule.

5. Change the Action from Deny to Allow.

6. Click OK to save the change.

Try to ping a device on the LAN side from a wireless computer and you will be able to get a reply.
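
Changing the default Deny to Allow, here and in Step 1 of the NetBIOS procedure, opens every port from the wireless zone, so the resulting rule table is worth reviewing afterwards. The following is an added example, not part of the original article and not a SonicWALL tool: the rule table is constructed, using the field names from the Add Rule dialog shown earlier on this page, and the severity labels are an assumption.

```python
# Constructed rule table; keys follow the Add Rule dialog fields on this page.
RULES = [
    {"From Zone": "WLAN", "To Zone": "LAN", "Action": "Allow",
     "Service": "Any", "Source": "Any", "Destination": "Any", "Comment": ""},
    {"From Zone": "WLAN", "To Zone": "LAN", "Action": "Allow",
     "Service": "Printing TCP/UDP 9100", "Source": "Any",
     "Destination": "LAN Printer", "Comment": "Print from WLAN to LAN"},
    {"From Zone": "WLAN", "To Zone": "WLAN", "Action": "Allow",
     "Service": "Any", "Source": "Any", "Destination": "WLAN Printer",
     "Comment": "temporary, for packet capture"},
    {"From Zone": "WLAN", "To Zone": "DMZ", "Action": "Deny",
     "Service": "Any", "Source": "Any", "Destination": "Any", "Comment": ""},
]


def is_any(value):
    return value.strip().lower() == "any"


def audit(rules, from_zone="WLAN"):
    """Return (rule index, severity, message) for broad Allow rules from a zone."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["From Zone"] != from_zone or rule["Action"].lower() != "allow":
            continue
        path = f'{rule["From Zone"]} > {rule["To Zone"]}'
        if is_any(rule["Service"]) and is_any(rule["Destination"]):
            findings.append((i, "high", f"{path}: all services to all destinations"))
        elif is_any(rule["Service"]):
            findings.append((i, "medium", f"{path}: every port open to {rule['Destination']}"))
        elif is_any(rule["Destination"]):
            findings.append((i, "medium", f"{path}: {rule['Service']} open to every host"))
        if not rule["Comment"].strip():
            findings.append((i, "info", f"{path}: no comment stating the rule's purpose"))
    return findings


if __name__ == "__main__":
    for index, severity, message in audit(RULES):
        print(f"rule {index} [{severity}] {message}")
```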

Online

Failed to load IPSec driver

- How to fix Sonicwall Global VPN Client (v4.x) issues in Windows 7.

If you get the “Failed to load IPSec driver” error when rebooting after installing the SonicWall VPN software, follow this 7 step guide to get it fixed.

It is not an issue with the GVC software itself, as it works before the initial reboot, but the SonicWall IPSec driver seems to experience some issues under Windows 7. What else is new!

Here’s how you fix the bugger!
1. Install SonicWall VPN client
2. Reboot
3. Open Device Manager
4. Click “View”, then “Show Hidden Devices”.
5. Expand “Non-Plug and Play Drivers”
6. Open the SonicWall IPSec device and set startup type to Automatic
7. Click Start to get the driver up again.
8. Reboot again to check if your new settings worked.

Online