Solved

Internet connection not working after new firewall install

Posted on 2005-05-08
Last Modified: 2010-04-19
I have a 2003 server with Exchange 2003 that will not connect to the internet through Internet Explorer. Here is what has happened and what I have found to work. We just upgraded to a SonicWall Pro 2040 with WAN load balancing. I have a 6MB cable connection for the primary WAN and a 1GB Fractional T1 for the failover. All of the computers on the network look to the 2003 server for DNS and get on the internet without any problems, and if I ping a site from the server I get the correct reply, so DNS seems fine. Norton Corporate will also do updates, which seems really strange. It gets better though: my Exchange server receives mail but will not send mail, and the strangest thing of all is that if I unplug my cable connection from the firewall so it fails over to the T1, I can get on the internet and my Exchange server sends mail. When I plug my cable connection back in, the internet stops working again. I do not have to change anything on the server for this to work. It seems like a gateway problem at first, but my firewall is the gateway and it works with the T1. I know that I'm spoiled, but I would like to use my 6MB connection over my T1. Please help.

Thanks,
Nick
Question by:ntobin
17 Comments
 
LVL 10

Expert Comment

by:Seelan Naidoo
ID: 13957789
Seems like you have to explicitly allow HTTP (port 80) and SMTP (port 25) on your new firewall, and any other traffic that's required.
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13957966
Do you have your firewall/routers set up correctly for the two connections, and your routing tables and firewall settings correct?
Seems like it's all correct for the T1, but when you're trying to use the other it all goes wrong.
It's the first place I would start looking.
0
 
LVL 1

Author Comment

by:ntobin
ID: 13958554
The firewall has all outbound traffic allowed. All other PCs on the network can get to the internet on both connections. I think that the problem is somewhere on the server. I will, however, look again at the settings to triple check.
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13958592
Are you routing mail through your own DNS servers or external, as in ISP DNS or SMTP connector?
Does your Exchange server point at your DNS server, or does it have its own settings including those of the ISP?
0
 
LVL 1

Author Comment

by:ntobin
ID: 13959529
My Exchange server uses our own DNS server, using the default SMTP Virtual Server. Our DNS is on the 2003 server and has forwarders set up that point to our ISP DNS. The 1st and 3rd forwarders are for the cable connection and the 2nd and 4th are for the T1. This is not just an Exchange problem; it seems it is an internet connection problem.
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13959619
Silly question but - The TCP/IP settings on the exchange server network adapter/s have the IP address for the Local DNS server - no others right??
0
 
LVL 1

Author Comment

by:ntobin
ID: 13960004
The server has 2 adapters; one is disabled and the other has its IP as the DNS. No matter which line is plugged into the firewall, I can ping out correctly to sites on the internet.
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13960181
Hmm, strange.
So all other computers connect whatever the connection?
Only the Exchange server plays up when not using the T1?
You can't access the internet and cannot send mail when on the other 6MB connection.
From an outside point of view this still smells like DNS issues. How are you pinging? An external IP address or a DNS site name?
Have you tried putting the external DNS server addresses directly in the TCP/IP DNS settings on the Exchange server itself?
In this order:

1st: LAN DNS
2nd: MAIN ISP DNS Server1
3rd: MAIN ISP DNS Server2
4th: BACKUP ISP DNS Server1
5th: BACKUP ISP DNS Server2

?????
0
 
LVL 1

Author Comment

by:ntobin
ID: 13961379
All other PCs on the network access the internet no matter what connection is on; the server is the only PC that won't connect with the 6MB connection active. When I ping I try sony.com and cnn.com and both work with each connection. I tried to put the internet DNS settings in the network card TCP/IP settings in many configurations but none worked. It seems like DNS is functioning fine. I also did the following after each time I changed the forwarders in DNS last night:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

I know it's a strange one, that's why I gave so many points.
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13961609
Indeed this is a very strange one, if all the other computers are working fine in all circumstances.
Certainly scratching my head!
Have you tried disconnecting the T1 so you are on the 6meg line and rebooting the server?
You haven't misconfigured any NAT rules in the firewall for that particular server connection to the 6meg service?
I assume that each connection has separate static IPs, so would need two sets of rules, one for each?
If you have NAT for SMTP and HTTP for some reason? OWA? This could explain why that specific machine is getting the problems on that connection only and no other machine.
0
 
LVL 5

Accepted Solution

by:
KevNet earned 2000 total points
ID: 13961696
If the NAT rules were messed up for the 6meg, when that was online, instead of allowing port 25 and port 80 inbound to that server IP address, it could be blocking it outgoing.
If it's all correct for the T1 line then you wouldn't have the problem.
No clients should have NAT rules so wouldn't be affected either way, which is why they all work whatever?

Just thinking aloud!
0
 
LVL 1

Author Comment

by:ntobin
ID: 13962163
Because this firewall has failover between the two internet connections, I left the setup as standard as possible. Both connections have all outbound traffic open. The T1 has ports open for SMTP, OWA and Terminal Services. I have sent in a trouble ticket to SonicWall but I have not heard back yet. The way that I think it works is that the router does NAT for both connections the same way, since I have not changed anything. All I did was add rules for inbound traffic and did not change outbound traffic. Since all workstations get on no matter what the connection, it seems that the problem is on the server. If NAT was blocking because of my rules, wouldn't it block the other PCs also?
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13962467
The other PCs only use the outgoing rule, which works fine whatever; you don't normally point NAT rules at client PCs.
When you need to direct stuff inbound, this is normally only to servers for web hosting or email services etc.
The NAT rules would poss not be the same for both connections, as they would in theory have diff static public IP addresses, being on diff ISP networks?
As an example:
If you had a rule for a public IP of 82.152.18.11 running on the 6meg, pointing inbound port 80 at server LAN IP of 192.168.1.205, and it was around the wrong way, this could block all outgoing traffic from that server when that public IP was in use.
If it then changed to T1 with, say, IP 62.49.94.218, this could invoke a separate NAT rule for that connection that's configured and works OK.


0
 
LVL 1

Author Comment

by:ntobin
ID: 13967243
You are on to something now! I changed my server IP by one number and I got on the internet. Why didn't I try that in the first place? I still have my support request into SonicWall and I will let you know how they say to correct it. It didn't seem right since my incoming rules applied only to the T1, not the 6MB. Progress!
0
 
LVL 5

Expert Comment

by:KevNet
ID: 13967289
Excellent!
That def says there is some sort of rule configured against that server's IP address in the firewall for those ports.
If your other software such as Norton update etc. works OK, could well be as there is no NAT rule for the port it is using, so it just gets thrown in with the allow-all outbound rule.
The more I think about it, the more it seems like a duff rule or setting somewhere.
Other than that, could be that you need to update the software on the firewall - I'm sure SonicWall should be able to tell you that.
Let me know how you get on.
0
 
LVL 1

Author Comment

by:ntobin
ID: 13979175
OK, after dealing with Sonic Support and having all of my internet connection go down for an hour while we deleted the wrong rules, this is what we found. The wizard that creates the incoming rules for the firewall also creates NAT rules. NAT rules for the Enhanced OS, which is what I have for failover support, are 1 to 1, so from my understanding the wizard only created rules for the incoming and outgoing rules on the T1 connection but failed to create a rule for the 6MB connection even though it was the primary connection. Thank you for all your help.
0
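
A check for the gap described in the post above, as an added example that is not part of the original thread or of any SonicWall tooling: it flags internal hosts that have host-specific (1 to 1) NAT policies on one WAN interface but not on the other. The policy table layout, field names and addresses are constructed for illustration and are not a SonicOS export format.

```python
from collections import defaultdict

# Constructed sample data; field names are hypothetical, public IPs are
# RFC 5737 documentation addresses.
WAN_INTERFACES = ["CABLE", "T1"]
NAT_POLICIES = [
    # Wizard-style 1:1 rules for the mail server, created on the T1 only.
    {"wan": "T1", "direction": "inbound", "internal_ip": "192.168.1.205", "public_ip": "198.51.100.10"},
    {"wan": "T1", "direction": "outbound", "internal_ip": "192.168.1.205", "public_ip": "198.51.100.10"},
    # A second server with 1:1 outbound rules on both links (consistent).
    {"wan": "T1", "direction": "outbound", "internal_ip": "192.168.1.210", "public_ip": "198.51.100.11"},
    {"wan": "CABLE", "direction": "outbound", "internal_ip": "192.168.1.210", "public_ip": "203.0.113.11"},
    # Default many-to-one outbound NAT used by ordinary clients.
    {"wan": "T1", "direction": "outbound", "internal_ip": "any", "public_ip": "198.51.100.1"},
    {"wan": "CABLE", "direction": "outbound", "internal_ip": "any", "public_ip": "203.0.113.1"},
]


def find_one_to_one_gaps(policies, wan_interfaces):
    """Return {host: [(wan, direction), ...]} for 1:1 rules missing on a WAN.

    A host is only examined if it has at least one host-specific policy;
    clients covered solely by the default "any" policy are ignored, which
    matches the thread's observation that workstations were unaffected.
    """
    covered = defaultdict(set)
    for policy in policies:
        if policy["internal_ip"] == "any":
            continue
        covered[policy["internal_ip"]].add((policy["wan"], policy["direction"]))

    gaps = {}
    for host, pairs in covered.items():
        directions = {direction for _, direction in pairs}
        missing = sorted(
            (wan, direction)
            for wan in wan_interfaces
            for direction in directions
            if (wan, direction) not in pairs
        )
        if missing:
            gaps[host] = missing
    return gaps


if __name__ == "__main__":
    for host, missing in find_one_to_one_gaps(NAT_POLICIES, WAN_INTERFACES).items():
        for wan, direction in missing:
            print(f"{host}: no 1:1 {direction} NAT policy on {wan}")
```
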
 
LVL 5

Expert Comment

by:KevNet
ID: 13979226
Thanks for the feedback - glad I could be of help
0
