Solved

WatchGuard Firewall - How can I point to another web server on my network.

Posted on 2006-06-13
6
513 Views
Last Modified: 2013-11-16

Zero expertise with my WatchGuard firewall other than being the onsite monkey while the WatchGuard tech walked me thru installing it and setting it up.

Ok Ok. Maybe not giving myself enough credit.  I DO know how to get into Policy Mgr. and do the basics.

To my question.  Running Outlook Webaccess on my Exchange 2003 server.  If I or my users want to chech their webmail they go: 65.154.98.141\EXCHANGE (where EXCHANGE in the actual DNS name of my Exchange server).

But let's say I want to play and I have IIS running on another server, say, APPLICATIONS.

How do I configure my Firewall so I can go 65.154.98.141\APPLICATIONS and see any test websites that I'm running on APPLICATIONS.

I'm using NAT on the firewall to translate the external IP to the internal IP of EXCHANGE but it seems that it will only let me do one; in other words I can't add a second NAT for APPLICATIONS.

Any thoughts???
0
Comment
Question by:mbath20110
  • 2
6 Comments
 
LVL 4

Expert Comment

by:rliu1112
ID: 16898047
here is one way (easiest I think...) lets just use the same IP address...

first, I am assuming that your web server is called APPLICATIONS. and your test web sites are located on APPLICATIONS as subfolders or files under "wwwroot" folder of your IIS?

on your firewall, use NAT to map the TCP port 80 or the external IP (65.154.98.141) to the internal address of your web server (APPLICATIONS). so now all HTML traffic will be directed to the APPLICATIONS machine's "wwwroot" folder (given that it is an IIS machine).

so to test, place a sample web page into the wwwroot folder and lets call it default.htm for now, then use IE and browse to http://65.154.98.141/default.htm and you should see that web page

now, I don't really know how your test sites are created or stored... but its generally created as sub folders under the wwwroot folder. So lets say that I have a test site called TESTSITE01. it would be physically located on \\APPLICATIONS\wwwroot\testsite01.

Then use IE and browse to http://65.154.98.141/testsite01/yourwebpage.htm

I hope this helps...
0
 

Author Comment

by:mbath20110
ID: 16911068

Thanks for respsonding RLiu,

I think you've got me on the right track but the sticking point is, I want to preserve the IP NAT to my Exchange server (so my users can keep getting OWA).

So to refine my question, if I want to leave in place, 65.154.98.141/EXCHANGE, how do I add 65.154.98.141/APPLICATIONS, which is where, as you correctly stated, my test website would be?

Or, is this even something that should (can) be done via the firewall?  Can I do some internal mapping or sharing of folders on Applications that points to Exchange?

And maybe my larger question is,  is what I'm proposing really proper network design?  Should I really be hosting websites on different machines in my network?  If I've already got IIS running on my Exchange server then that's where any and all other websites (internal or external) should be located.

Thanks again.
0
 
LVL 4

Accepted Solution

by:
rliu1112 earned 500 total points
ID: 16921335
I see....

It is best to have the web server and the exchange server on different boxes. here is what I did, hope this could shed some light for your scenerio....
1) point the web port (80) to the web server
I think based on your info, you have it pointed to the Exchange server for now so OWA would work?
2) create an virtual web on the IIS called EXCHANGE
3) within the Virtual web properties, point it to the OWA folder on the Exchange box
the catch here is that these two machines has to be able to see and share with each other.

So now, web traffic for 000.000.000.000/exchange points to the OWA folder of the exchange box and 000.000.000.000 goes to the wwwroot folder on the web server (iis) and 000.000.000.000/applications points to the applications subfolder within wwwroot on the iis.

I think the OWA folder is the \...\exchsvr\webdata folder on the exchange server... have to go check...

I hope this works for you.....
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question