Solved

Setting up Windows server behind firewall.

Posted on 2009-04-07
Last Modified: 2013-11-16
I have a new installation of Windows Server 2003 Standard as a domain controller. I have a SonicWall Pro 100 firewall. I have static IPs and a DSL connection. I have access to the router and firewall setup screens. When I connect the server to the router directly, the internet connection works fine, but not when it's behind the firewall.

What steps do I need to take to configure things for a standard but secure setup as the foundation for my small office LAN?
Question by:rreiss60
5 Comments
 
LVL 9

Assisted Solution

by:cmorffew
cmorffew earned 50 total points
ID: 24088724
Have you configured the firewall to allow local LAN access?
Refer to pages 30-38 of the manual.

Make sure you configure for the NAT Enabled configuration (page 35).

If you don't have the manual, you can download it from here: http://safemanuals.com/user-guide-instructions-owner-manual/SONICWALL/INTERNET%20SECURITY%20APPLIANCE-_E
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 100 total points
ID: 24088794
Well, the general rule of thumb is to make things as restrictive as possible, allowing only the services you need to bypass the firewall. The firewall will control traffic going both in and out so it can enforce whatever security policies you have.

For a basic setup (and this is just an example), you would allow all hosts on the inside to go out to the web using the interface address for NAT, but block all incoming traffic.

SonicWall has a quickstart guide here:
ftp://ftp.sonicwall.com/pub/info/installation_guide.pdf

It will give you a nice walkthrough for setting up that basic scenario.

To better help define what your firewall would look like, you should begin by asking, "What do I want people to access?" and "What do I want the world to access in my network?"

With those answered, you can begin a simple setup.
0
 
LVL 16

Accepted Solution

by:ccomley
ccomley earned 200 total points
ID: 24088956
If you have it working withOUT the firewall, the easiest way would be to set the firewall up in transparent mode - this way the firewall does not act as a ROUTER and you use the same IP range both inside and out, i.e. it doesn't require you to re-number your networks.

The "default" rules on the SonicWall will allow anything out and nothing in, which means you'll be able to browse and download, but outside users won't be able to access inwards - which is presumably what you'd want? If you do need inward access, e.g. for SMTP mail delivery, you need to start making rules for that.

===

If you don't want to use Transparent mode you'll have to use NAT, which means the following steps.
1) Re-number your LAN to use a private address range (192.168.1.0/24 is traditional but not compulsory - anything starting 192.168 or 10. will do!)
2) Set the SonicWall LAN up as the (traditionally first or last) address on the private range, e.g. 192.168.1.254. This is your Default Gateway for your server and workstations.
3) Set the SonicWall WAN up on your assigned public IPs. The router will already have address 1, so give address 2 to the SonicWall and set its default gateway to address 1.
4) Turn basic NAT on on the SonicWall if it isn't (it will be by default).

That should do it. You should now once again be in a position to see out, but no-one see in.

0
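An added example, not part of ccomley's answer: a Python check of the addressing plan from the NAT steps above, to run before changing the firewall or the hosts. The addresses are constructed (203.0.113.0/29 stands in for the assigned public IPs) and the plan key names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges; the LAN behind NAT is numbered from one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable(ip, net):
    """True if ip is an assignable host address inside net."""
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def check_nat_plan(plan):
    """Return the problems found in a NAT addressing plan (empty list = OK)."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    lan, wan = net(plan["lan_net"]), net(plan["wan_net"])
    fw_lan, fw_wan = ip(plan["fw_lan_ip"]), ip(plan["fw_wan_ip"])
    router = ip(plan["router_ip"])
    problems = []
    if not any(lan.subnet_of(r) for r in RFC1918):
        problems.append("LAN range is not private (step 1)")
    if lan.overlaps(wan):
        problems.append("LAN and WAN ranges overlap (step 1)")
    if not usable(fw_lan, lan):
        problems.append("firewall LAN address is not a host on the LAN (step 2)")
    for host, gw in plan["host_gateways"].items():
        if ip(gw) != fw_lan:
            problems.append(f"{host}: gateway {gw} is not the firewall (step 2)")
    if not (usable(fw_wan, wan) and usable(router, wan)):
        problems.append("firewall WAN and router must share the public subnet (step 3)")
    if fw_wan == router:
        problems.append("firewall WAN address collides with the router (step 3)")
    if ip(plan["fw_wan_gateway"]) != router:
        problems.append("firewall default gateway is not the router (step 3)")
    return problems

# Constructed sample plan; 203.0.113.0/29 (documentation range) stands in
# for the ISP-assigned static block. Key names are hypothetical.
GOOD = {
    "lan_net": "192.168.1.0/24", "fw_lan_ip": "192.168.1.254",
    "wan_net": "203.0.113.0/29", "router_ip": "203.0.113.1",
    "fw_wan_ip": "203.0.113.2", "fw_wan_gateway": "203.0.113.1",
    "host_gateways": {"server": "192.168.1.254", "pc1": "192.168.1.254"},
}
# Server still points at the router; firewall WAN reuses the router's address.
BAD = dict(GOOD, fw_wan_ip="203.0.113.1",
           host_gateways={"server": "203.0.113.1", "pc1": "192.168.1.254"})

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_nat_plan(plan) or "OK")
```

The BAD plan models a server that kept its old gateway after being moved behind the firewall, which gives the same symptom as in the question: the connection works directly on the router but not behind the firewall.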
 

Author Comment

by:rreiss60
ID: 24108201
Thanks to all. I am working on these suggestions. I will get back to you all.
0
 

Author Comment

by:rreiss60
ID: 24157981
Unfortunately I couldn't get things to work and hired someone. He told me, among other things, that the firmware in the SonicWall appliance was corrupted.
0
