Sonicwall NSA 240, Configured for LAN and DMZ, X0 and X2 on same switch - ping issues

Posted by Klaptrap on Server Fault
Published on 2011-02-08T06:42:08Z Indexed on 2011/02/08 7:26 UTC

Our Sonicwall vendor supplied and networked the NSA240 when we required a DMZ in our infrastructure. This was configured and appeared correct, although VPN users periodically dropped DNS and Terminal Services. The vendor could not resolve it and so the call was escalated to Sonicwall.

The Sonicwall support engineer took a look and concluded that the X0 (LAN) and X2 (DMZ) interfaces were cabled to the same switch and so this is the issue. What he observed is that a ping request to the LAN Domain Controller, from a connected VPN user, is forwarded (X0) from the VPN client IP to the DC IP, but the ping response from the DC IP to the VPN client IP is on X2. A copy of the log is detailed below:

02/02/2011  10:47:49.272  X1*(hc)  X0  192.168.1.245  192.168.1.8   IP  ICMP  --  FORWARDED
02/02/2011  10:47:49.272  --       X0* 192.168.1.245  192.168.1.8   IP  ICMP  --  FORWARDED
02/02/2011  10:47:49.272  X2*(i)   --  192.168.1.8    192.168.1.245 IP  ICMP  --  Received
  • X0 - LAN
  • X1 - WAN
  • X2 - DMZ

The Sonicwall engineer concluded that we either need a separate switch for X2 or we use a VLAN switch for both.

I am the company's software engineer and we have yet to hear back from the vendor, so I am lost at sea at the moment. Do we need to buy this additional equipment or is there another configuration on the NSA240 we can use?
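
A check for the pattern in the log above, as an added example that is not part of the original post: it parses the packet-monitor lines and reports replies that arrive on a different interface from the one the request was forwarded out of. The ten-column layout (ingress interface in column 3, egress interface in column 4) is an assumption read off the three lines shown, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# The three log lines quoted in the post. Assumed columns: date, time, ingress,
# egress, source, destination, ether type, packet type, ports, status.
SAMPLE = """\
02/02/2011  10:47:49.272  X1*(hc)  X0  192.168.1.245  192.168.1.8   IP  ICMP  --  FORWARDED
02/02/2011  10:47:49.272  --       X0* 192.168.1.245  192.168.1.8   IP  ICMP  --  FORWARDED
02/02/2011  10:47:49.272  X2*(i)   --  192.168.1.8    192.168.1.245 IP  ICMP  --  Received
"""

Packet = namedtuple("Packet", "ingress egress src dst proto status")

def iface(field):
    """Keep only the interface name; annotations such as '*' or '(hc)' are
    dropped without being interpreted, and '--' yields None."""
    m = re.match(r"X\d+", field)
    return m.group(0) if m else None

def parse(text):
    packets = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10:
            continue  # not in the assumed ten-column layout
        packets.append(Packet(iface(f[2]), iface(f[3]), f[4], f[5], f[7], f[9]))
    return packets

def asymmetric_replies(packets):
    """Return (src, dst, request_egress, reply_ingress) for every packet that
    answers an earlier flow but enters on a different interface."""
    out_iface = {}  # (src, dst, proto) -> interface the packet left on
    findings = []
    for p in packets:
        if p.egress:
            out_iface[(p.src, p.dst, p.proto)] = p.egress
        expected = out_iface.get((p.dst, p.src, p.proto))
        if p.ingress and expected and p.ingress != expected:
            findings.append((p.src, p.dst, expected, p.ingress))
    return findings

if __name__ == "__main__":
    for src, dst, sent, got in asymmetric_replies(parse(SAMPLE)):
        print(f"reply {src} -> {dst} entered on {got}, request left on {sent}")
```
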
