Wireless Access

New Contributor

firewall and roaming

Hello everyone,


I have a problem with my firewall, a Sonicwall NSA 3600.
It seems that it doesn't allow wireless clients, roaming to another AP, to connect to the Internet.
I use my only two AP-135 as campus access points, they are connected to a controller 620. The controller is connected to a powerconnect 7048 switch and the switch to the sonicwall.
If a wireless client doesn't try to roam to another AP, it is able to connect to the internet and to our local network. If is roaming, it loses its internet connection even though it is still able to ping the switch and local servers.
The sonicwall's log doesn't show that it denies packets from wireless clients and I don't undersant how it can be aware of the roaming


Maybe someby had a similar problem with a Sonicwall or another firewall brand.



Controller Aruba W-620
|                   \
AP1            AP2



Thank you for your help.

Guru Elite

Re: firewall and roaming

Where is the client?s gateway located? On the controller or upstream?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: firewall and roaming

Sorry, I am not fully proficient in English and I am not sure to understand what you ask.


The client is in a VLAN and its gateway is on the powerconnect layer 3 switch.
There is a trunk link between the powerconnect and the controller because I have two WLAN (guest and corporate).
Finally, the powerconnect has a default route to forward all the traffic to the Sonicwall

Valued Contributor I

Re: firewall and roaming

This sounds very strange.


How long have you had the equipment live? And has this happened from the very start of use?


There's no "normal" reason for this. You could post your entire controller config which might help spot anything important/relevant?


When you see the issue, does the client still have an ARP entry for the Sonicwall (which I assume acts as the user's default gateway)?


As an extension to the last question, does the issue affect ALL types of traffic destined to the internet? Like HTTP, ICMP and FTP?

Kudos appreciated, but I'm not hunting! (ACMX 104)
Valued Contributor I

Re: firewall and roaming

Just saw you last post, so ignore my ARP question.


You could post your config. That will help check some things.

Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
Showing results for 
Search instead for 
Did you mean: