
  • Status: Solved

Cannot access servers on our network by public IP address that are behind firewall with NAT

I searched and searched, so I'm starting to wonder if I'm just using poor criteria or describing my issue poorly.  I've narrowed it down to something having to do with NAT or routes...

So here's the scoop.

We have two networks on our LAN that are trusted.  For purposes of this question, we'll call them X0 and X2.  X0 PRIMARY LAN and X2 OFFICE LAN.

We have servers sitting behind the router for WEB, FTP, etc.  Users from X0 can access our public sites just fine without any issues that are behind this router.  The sites are all behind the router/firewall with public IPs but have one-to-one NAT in use that forward to a local address on the X0 interface from the public side.

Now... when users from the X2 interface try to access public sites that have servers on the X0 interface,  they cannot.  

Sounds like either a route issue or a NAT policy.  This is a SonicWall product, but either way, this issue may be too specific for a general answer?
jgantes
Asked:
1 Solution
 
poweruser32 Commented:
Sounds like a route issue. Are you using VLANs? Can they ping the servers or access them by IP address?
 
jgantes (Author) Commented:
Can't ping or access them by IP.  Various servers, FTP, Web, etc.

X0 Network ---  Web, FTP Servers, IT

X2 Network --- All other users

Both have their own GW and go out on another interface that we've specified as WAN.  However, X2 can't come back in...
 
budchawla Commented:
Sounds like basically what's happening is that you've got policies on the X0 that allow traffic in from the WAN, so it works for the rest of the world, but the traffic from X2 isn't coming from an address object that belongs in the WAN zone, hence it can't pass.

If you have available public IPs, I would create NAT policies that restrict users of the X2 interface to a different public IP to the one that can be used by the X0 interface... this may sort it.

Alternatively, adjust your NAT policies & firewall rules for the X0 servers so that you're allowing traffic in from not just the WAN, but ANY... or you may want to create separate rules, depending on your setup & specific requirements.

hth

bud

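An added example, not part of budchawla's answer and not SonicWall's own logic: a simplified first-match model of the suggestion above, showing why a NAT policy and access rule scoped to WAN miss traffic arriving from X2, and what changes once both are widened. The addresses, class names and verdict strings are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address

# Constructed addresses (documentation/private ranges), not from the thread.
PUBLIC_WEB = ip_address("203.0.113.10")   # public IP published for the web server
PRIVATE_WEB = ip_address("192.168.0.10")  # the server's real address on X0

@dataclass(frozen=True)
class NatPolicy:              # hypothetical, simplified policy record
    inbound: str              # interface the packet arrives on, or "Any"
    orig_dst: IPv4Address     # destination before translation
    xlat_dst: IPv4Address     # destination after translation

@dataclass(frozen=True)
class AccessRule:             # hypothetical allow rule
    from_zone: str            # source zone, or "Any"
    to_zone: str              # destination zone

def evaluate(ingress, dst, nat_policies, rules, server_zone="X0"):
    """Return (verdict, destination) for a packet arriving on `ingress`.
    Simplification: interface name and zone name are treated as the same thing."""
    nat = next((p for p in nat_policies
                if p.inbound in (ingress, "Any") and p.orig_dst == dst), None)
    if nat is None:
        return ("no-nat-match", dst)          # public IP is never rewritten
    allowed = any(r.from_zone in (ingress, "Any") and r.to_zone == server_zone
                  for r in rules)
    return ("allowed" if allowed else "denied-by-rule", nat.xlat_dst)

def scenarios():
    """Evaluate traffic to the public IP under constructed configurations."""
    wan_nat = [NatPolicy("WAN", PUBLIC_WEB, PRIVATE_WEB)]
    any_nat = [NatPolicy("Any", PUBLIC_WEB, PRIVATE_WEB)]
    wan_rule = [AccessRule("WAN", "X0")]
    both_rules = wan_rule + [AccessRule("X2", "X0")]
    return {
        "internet, original config": evaluate("WAN", PUBLIC_WEB, wan_nat, wan_rule),
        "X2, original config": evaluate("X2", PUBLIC_WEB, wan_nat, wan_rule),
        "X2, NAT widened only": evaluate("X2", PUBLIC_WEB, any_nat, wan_rule),
        "X2, NAT and rule widened": evaluate("X2", PUBLIC_WEB, any_nat, both_rules),
    }

if __name__ == "__main__":
    for case, (verdict, dst) in scenarios().items():
        print(f"{case:28} -> {verdict:15} (destination {dst})")
```

In this model the separate X2-to-X0 rule keeps the exposure narrower than changing the existing WAN rule's source to Any, which would also admit every other zone.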
 
jgantes (Author) Commented:
Thanks Bud, that's what we did actually just before I read your post (or something very close to it).  It appears to be working, but I only created one rule and we're actually contemplating leaving their access off now that we went through all of this.

Thanks for the solution, very helpful.
 
budchawla Commented:
Glad to help...