No Internet when connected to WLAN

Description

When connected to built in wireless or SonicWall access points, users are not getting access to the Internet. Unable to ping a public IP on Internet or firewall authentication page is disabled when trying to access websites. At the same time LAN users can access Internet.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


  1. Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Network | System | DHCP Server. Make sure DHCP scope is configured and enabled.
  2. Check if the client can ping gateway (WLAN interface IP).
  3.  Make sure the below NAT policy is auto added. Navigate to Policy | Rules and Policies | NAT Rules.
    Original Source: Any
    Translated Source: WAN Primary IP/X1 IP
    Original Destination: Any
    Translated Destination: Original
    Original Service: Any
    Translated Service: Original
    Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
    Outbound Interface: X1

    Image


  4. Make sure access rule from WLAN to WAN is allowed, navigate to Policy | Rules and Policies | Access Rules.
    Source: Any
    Destination: Any
    Service: Any
    Action: Allow
    Users Allowed: All

    Below is the screenshot of access rule allowing communication from wireless clients to Internet.
    Image
  5. Make sure Guest Services is disabled in WLAN zone (Object | Match Objects | Zones) .
    Image
  6. For users that are not using the SonicWall access points please confirm under the WLAN zone (Object | Match Objects | Zones) that the option Only allow traffic generated by a SonicPoint/SonicWave is disabled.
    Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


  1. Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Manage | Network | DHCP Server. Make sure DHCP scope is configured and enabled.
  2. Check if the client can ping gateway (WLAN interface IP).
  3.  Make sure the below NAT policy is auto added. Navigate to Manage | Rules | NAT Policies.
    Original Source: Any
    Translated Source: WAN Primary IP/X1 IP
    Original Destination: Any
    Translated Destination: Original
    Original Service: Any
    Translated Service: Original
    Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
    Outbound Interface: X1

    Below is the screenshot of the NAT policy which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet.
    Image

  4. Make sure access rule from WLAN to WAN is allowed, navigate to Manage | Rules | Access Rules.
    Source: Any
    Destination: Any
    Service: Any
    Action: Allow
    Users Allowed: All

    Below is the screenshot of access rule allowing communication from wireless clients to Internet.Image

  5. Make sure Guest Services is disabled in WLAN zone. Following is the screenshot of packet capture showing packets getting received from wireless client to a public IP on Internet and not getting forwarded due to guest services misconfigured on WLAN zone.
    Image

  6. For users that are not using the SonicWall access points please confirm under the WLAN zone (Manage | Network | Zones) that the option Only allow traffic generated by a SonicPoint/SonicWave is disabled.
    Image


Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


  1. Check if the client is getting a valid IP address. If not check the DHCP scope for WLAN interface in Network | DHCP. Make sure DHCP scope is configured and enabled.
  2. Check if the client can ping gateway (WLAN interface IP).
  3.  Make sure the below NAT policy is auto added.
    Original Source: Any
    Translated Source: WAN Primary IP/X1 IP
    Original Destination: Any
    Translated Destination: Original
    Original Service: Any
    Translated Service: Original
    Inbound Interface: W0/SonicPoint Connected Interface(for instance X4)
    Outbound Interface: X1
    Below is the screenshot of the NAT policy which translates the traffic coming from the remote GVC user, as it goes through the WAN of the firewall towards the Internet.
    Image

  4. Make sure access rule from WLAN to WAN is allowed.
    Source: Any
    Destination: Any
    Service: Any
    Action: Allow
    Users Allowed: All
    Below is the screenshot of access rule allowing communication from wireless clients to Internet.
    Image

  5. Make sure Guest Services is disabled in WLAN zone. Following is the screenshot of packet capture showing packets getting received from wireless client to a public IP on Internet and not getting forwarded due to guest services misconfigured on WLAN zone.
    Image

  6. For users that are not using the SonicWall access points please confirm under the WLAN zone (Network | Zones) that the option Only allow traffic generated by a SonicPoint is disabled.Image

Related Articles

  • TOTP based two-factor authentication for management by Admin user using SonicOS API
    Read More
  • Two-factor authentication using TOTP for Management by User with admin privileges
    Read More
  • How do I configure Two-factor authentication for the Admin login with TOTP?
    Read More

Categories

Firewalls
TZ Series
Networking
Secure Wireless
SonicPoint Series
Secure Wireless
SonicWave 400 Series
Firewalls
NSa Series
Networking
not finding your answers?
Ask the Community
was this article helpful?
YesNo