Wednesday, January 03, 2007

SonicPoints Eat UDP 14443 Connections

A while back I had a student call me from their sorority house reporting problems with their SonicWALL. The installation had started as one small wireless device/router, the TZ50W. When the signal seemed too weak to cover the entire house, they moved up to a slightly more powerful SonicWALL TZ170W. When that didn't work, we paid them a visit. It turns out that the house was gigantic and there was no chance that the wireless signal would flow through the 100+ year-old plaster walls and solid wood floors. The solution was clear - we would need SonicPoints!

SonicPoints allow you to create one wireless profile (SSID, encryption scheme, etc) and then plug in a slew of wireless access point devices that use it. The catch is, of course, that you have to run physical cables between each SonicPoint and the one SonicWALL device (sometimes defeating the point). The good news is that this is a great solution for a multi-floor home like the sorority house - and if power is a problem you can purchase a POE switch and plug your SonicPoints into that.

Just when you think you are done troubleshooting, I got an emergency phone call. The SonicWALL was dropping connections left and right, and many students in the house were reporting "no Internet access". I was able to connect into the SonicWALL and have a look. What I expected to find was one or two students running excessive filesharing, and eating up all the active connections of the main device (fairly common in residential University settings). What I ended up finding was that the SonicPoints themselves were running the SonicWALL out of active connections! It looked something like this ...



In the case of the sorority house, there were literally thousands of UDP connections on port 14443. They were clearly coming from the SonicPoints. While I knew that the SonicPoints would open some line of communication with the SonicWALL for profiles and such, I knew that this couldn't be normal operation. I had them reboot the SonicWALL and it went back to normal. But only a few minutes later the connections started appearing again.
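An added example (not from the original post or from SonicWALL): one way to tell a few heavy hosts apart from a single service flooding the connection table, given a snapshot of active connections. The CSV layout, the addresses and the 1000-entry capacity are constructed assumptions, not a SonicWALL export format or a real device limit.

```python
import csv
import io
from collections import Counter


def summarize(rows, capacity, threshold=0.5):
    """Count connections per (proto, dst_port) and per source IP.

    Returns (by_service, by_source, alerts). An alert is raised for any
    service whose connections fill at least `threshold` of `capacity`.
    """
    by_service = Counter()
    by_source = Counter()
    sources_per_service = {}
    for r in rows:
        svc = (r["proto"].upper(), int(r["dst_port"]))
        by_service[svc] += 1
        by_source[r["src_ip"]] += 1
        sources_per_service.setdefault(svc, Counter())[r["src_ip"]] += 1

    alerts = []
    for svc, count in by_service.most_common():
        share = count / capacity
        if share >= threshold:
            alerts.append({
                "service": svc,
                "count": count,
                "share": round(share, 2),
                # Who is opening them: a few clients, or the access points?
                "top_sources": sources_per_service[svc].most_common(3),
            })
    return by_service, by_source, alerts


def build_sample():
    """Constructed snapshot: three access points, each holding 200 UDP/14443
    connections to the firewall, plus a little ordinary client traffic."""
    lines = ["src_ip,dst_ip,proto,dst_port"]
    for ap in ("192.168.10.11", "192.168.10.12", "192.168.10.13"):
        lines += [f"{ap},192.168.10.1,udp,14443"] * 200
    lines += ["192.168.10.50,203.0.113.7,tcp,443"] * 20
    lines += ["192.168.10.51,198.51.100.9,udp,53"] * 5
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


if __name__ == "__main__":
    # capacity=1000 is a hypothetical table size for the demonstration.
    _, _, alerts = summarize(build_sample(), capacity=1000)
    for a in alerts:
        print(a)
```
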

A call into SonicWALL reveals "this is a known issue". Also an apparently "undocumented known issue" with the current Enhanced Firmware, version 3.2.0.3. The fix to this problem is to "roll back" to earlier firmware (nothing I ever like to do). But alas, I rolled back the firmware to 3.2.0.0 and the extra connections went away. Case closed?

Today we had another customer call in for unrelated problems. They too have SonicPoints. They too use Enhanced Firmware. They too have several hundred UDP connections opened with their SonicPoints. I wonder who else has had this problem? Have you? Leave me a comment. Hopefully SonicWALL will fix this with the release of version 3.5.

-Steve Ballantyne