I have a Windows Server 2012 Standard edition installation in a private LAN acting as an LDAP authentication server for the SonicWall firewall that is between the server and the internet.
The server had worked successfully in this mode for a few days of use and then it suddenly began dropping all IP and ICMP packets sent to it from the SonicWall gateway.
Packet captures on the SonicWall show traffic (ICMP pings and HTTP requests) coming from the server and responses being sent back to the server from the SonicWall, but the server only shows traffic going from the server.
Packet capture on the server shows the ARP request from the server to the SonicWall IP address and the corresponding ARP response from the SonicWall being received by the server. The same packet capture on the server shows the subsequent ping (ICMP) request from the server to the SonicWall, but never shows any ICMP response.
The server can communicate with any other IP on the private LAN successfully.
I changed the SonicWall's internal IP address to another available address on the private LAN, and configured the server to use the new address as its gateway. Things worked for two days with successful connections from the internet to the SonicWall and inbound to the server via the SonicWall's SSL-VPN and related LDAP authentication to the server.
Then today the server started blocking traffic from the new IP address of the SonicWall again. Same symptoms.
Disabling Windows Firewall does not change the behavior. Adding a specific rule to Windows Firewall allowing all traffic from the gateway address does not change the behavior.
I'm unable to locate any events in the logs that show some policy is being applied to automatically restrict the traffic from the gateway.