You know, I get some settings in some of these firewalls. But sometimes, they can be annoying. I ran into an issue on a SonicWall firewall that was causing a few internal users to reload a webpage four to five times to actually see the page. You can imagine this being frustrating to the customer.
As I looked in the log entries to try to figure out what was going on, I came across this error message: "Packet dropped; connection limit for this source IP address has been reached"
Well, that doesn't look good. That message comes from the per-source-IP connection limit on the LAN --> WAN access rule (Firewall --> Access Rules). The rule's advanced settings carry a setting that caps how many connections a single source IP may have open through that rule, and it is enabled by default, so once a busy client crosses the threshold the firewall silently drops its new connections, which is exactly what the users were seeing: a modern web page opens many connections at once, and the page only renders after enough of the earlier ones have timed out.
So, I unchecked this setting, which, again, is enabled by default.
That should work for you if you are seeing this issue. Bear in mind, though, that the limit exists as a safeguard against a single host flooding the firewall with connections (a compromised or misbehaving client, for example), so raising the threshold to a value that fits your busiest legitimate hosts is a more conservative fix than disabling the check outright. And if one particular user keeps tripping it with nothing but normal browsing, that host is worth a second look before you loosen the limit for everyone.
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, Palo Alto, and SonicWall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Monday, January 22, 2018
Monday, January 8, 2018
Cisco Firewall: How A Cisco ASA L2 Firewall Works (Transparent Mode)
I'd like to explain how the Cisco ASA L2 firewall works. I find that most people really don't understand how this works, so I'm going to attempt to explain as best I can.
How A L2 Firewall Works (Transparent Mode)
Take a packet arriving at the Aggregation (Agg) switch, destined for the server at 10.10.1.30. The Agg switch routes that subnet on its Vlan 1273 interface, so it sends an ARP request for 10.10.1.30 out every port that carries Vlan 1273, including the trunk to the ASA.
The ASA receives the ARP request on its Vlan 1273 interface. That interface and the Vlan 273 interface are both members of bridge-group 30, so the ASA floods the broadcast out its Vlan 273 interface, exactly as a switch would: the frame itself is unchanged, it has simply moved from one VLAN tag to the other. It travels back to the Agg switch, where Vlan 273 is a pure Layer 2 VLAN (no SVI), and is flooded out all ports in Vlan 273, including the link to the Leaf switch. The Leaf switch floods it out its own Vlan 273 ports, and the server receives it.
The server responds with its MAC address. The reply is a unicast frame, so it follows the path back: through the Leaf switch, through the Agg switch on Vlan 273, and into the ASA on its Vlan 273 interface. The ASA keeps a MAC address table per bridge group, just as a switch does, so, having learned the Agg switch's MAC on the Vlan 1273 side when the request came through, it forwards the reply out that interface only, and the reply arrives at the Agg switch in Vlan 1273. There is now two-way communication from Vlan 1273 across to Vlan 273, and vice versa, and every frame of it passes through the ASA.
That is the whole trick of a Layer 2 firewall. The two VLAN IDs are deliberately different, and nothing on the Agg switch bridges or routes between them, so the only path between the server and its gateway is the ASA's bridge group, where the ASA can inspect and filter every frame without being a routed hop and without the hosts needing to know its address (the BVI address exists for management and for traffic the ASA itself originates). Neither the hosts nor the Agg switch see the ASA in the path; to them, the ARP exchange looks like it crossed a single broadcast domain.
Notice that in the ASA configuration used for this example, the ACL permits all traffic globally, purely to keep the example simple; a production deployment would restrict it to the traffic the server actually needs.
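The original post shows its ASA configuration only as a screenshot, which is not reproduced here, so the following is an added example written to match the walkthrough above, not the post's own config. It assumes the interface names (GigabitEthernet0/0 on the ASA, GigabitEthernet1/0/1 on the Agg switch), the nameifs, the ACL name PERMIT_ALL, the gateway address 10.10.1.1 and the BVI management address 10.10.1.5; the VLAN IDs (1273 and 273), the bridge-group number (30) and the globally applied permit-all ACL come from the post. The switch portion is IOS-style and is there to show the other half of the stitching: Layer 3 for 10.10.1.0/24 exists only on Vlan 1273, and Vlan 273 is left as a Layer 2 VLAN with no SVI, so the ASA is the only path between them.

```cisco
! ===== Cisco ASA, transparent (Layer 2) mode =====
! Added example; names and addresses are assumptions, not the post's config.
firewall transparent
!
interface GigabitEthernet0/0
 description trunk to Agg switch (carries Vlan 1273 and Vlan 273)
 no nameif
 no security-level
 no shutdown
!
! Gateway side: the Agg switch's SVI for 10.10.1.0/24 lives in Vlan 1273
interface GigabitEthernet0/0.1273
 vlan 1273
 nameif agg-side
 bridge-group 30
 security-level 0
!
! Server side: Vlan 273 is Layer 2 only on the switches; hosts sit here
interface GigabitEthernet0/0.273
 vlan 273
 nameif server-side
 bridge-group 30
 security-level 100
!
! Management address for the bridge group, in the hosts' own subnet.
! Hosts and the Agg switch never need to know it; ARP is bridged by the
! ASA automatically, with no EtherType ACL required.
interface BVI30
 ip address 10.10.1.5 255.255.255.0
!
! The post's example permits everything globally for simplicity.
! In production, replace this with the flows the server actually needs.
access-list PERMIT_ALL extended permit ip any any
access-group PERMIT_ALL global
!
! ===== Agg switch (IOS-style, assumed) =====
! Layer 3 for the server subnet exists ONLY on Vlan 1273.
interface Vlan1273
 description gateway for 10.10.1.0/24 (ASA agg-side)
 ip address 10.10.1.1 255.255.255.0
!
! Vlan 273 is deliberately Layer 2 only: no "interface Vlan273" SVI,
! so nothing on the switch can route or bridge around the ASA.
vlan 273
 name server-side-L2-only
vlan 1273
 name gateway-side
!
interface GigabitEthernet1/0/1
 description trunk to ASA GigabitEthernet0/0
 switchport mode trunk
 switchport trunk allowed vlan 273,1273
```

The point to check after deploying this is the ASA's own bridge table (`show mac-address-table`): the gateway's MAC should be learned on the agg-side interface and the server's MAC on the server-side interface. If a host MAC shows up on the wrong side, something on the switches is still leaking between the two VLANs and the firewall is being bypassed.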
Saturday, January 6, 2018
Pic Of The Week: Broken Bone
It's interesting how the body can heal itself. I did some research on how broken bones heal. God is pretty amazing in how He created us to heal. There is a process that the body goes through. Below is, theoretically, when the second phase of healing should begin. The bone in my hand is still broken, but should start rejoining back on the day this was taken. It's interesting.