

Setting up Windows server behind firewall.

Posted on 2009-04-07
Medium Priority
Last Modified: 2013-11-16
I have a new installation of Windows Server 2003 standard as a domain controller.  I have a Sonicwall Pro 100 firewall.  I have static IPs and a DSL connection.  I have access to the router and firewall setup screens.  When I connect the server to the router directly, the internet connection works fine, but not when it's behind the firewall.

What steps do I need to take to configure things for a standard but secure setup as the foundation for my small office LAN?
Question by:rreiss60

Assisted Solution

cmorffew earned 150 total points
ID: 24088724
Have you configured the Firewall to allow local LAN access?
Refer to pages 30-38 of the manual.

Make sure you configure for the NAT enabled configuration (page 35).

If you don't have the manual, you can download it from here: http://safemanuals.com/user-guide-instructions-owner-manual/SONICWALL/INTERNET%20SECURITY%20APPLIANCE-_E

Assisted Solution

MikeKane earned 300 total points
ID: 24088794
Well,  general rule of thumb is to make things as restrictive as possible allowing only the services you need to bypass the firewall.   The firewall will control traffic going both in and out so it can enforce whatever security policies you have.  

For a basic setup, (and this is just an example), you would allow all hosts on the inside to go out to the web using the interface address for NAT, but block all incoming traffic.    

The Sonic Wall has a quickstart guide here:

It will give you a nice walk through in setting up that basic scenario.  

To better help define what your firewall would look like, you should begin by asking, "What do I want people to access?" and "What do I want the world to access in my network?"    

With those answered, you can begin a simple setup.

Accepted Solution

ccomley earned 600 total points
ID: 24088956
If you have it working withOUT the firewall, the easiest way would be to set the firewall up in transparent mode - this way the firewall does not act as a ROUTER and you use the same IP range both inside and out, i.e. it doesn't require you to re-number your networks.

The "default" rules on the Sonicwall will allow anything out and nothing in, which means you'll be able to browse and download, but outside users won't be able to access inwards - which is presumably what you'd want? If you do need inward access, e.g. for SMTP mail delivery, you need to start making rules for that.


If you don't want to use Transparent mode you'll have to use NAT, which means the following steps.
1) Re-number your LAN to use a private address range ( is traditional but not compulsory - anything starting 192.168 or 10. will do!)
2) Set the Sonicwall LAN up as the (traditionally first or last) address on the private range, e.g. This is your Default Gateway for your server and workstations.
3) Set the Sonicwall WAN up on your assigned public IPs, the router will already have address 1, so give address 2 to the Sonicwall, set its default gateway to address 1.
4) Turn basic NAT on on the Sonicwall if it isn't - (it will be by default).

That should do it. You should now once again be in a position to see out, but no-one see in.
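
The NAT steps in the accepted answer can be checked on paper before anything is re-addressed. The following is an added example, not part of the original answer and not SonicWall tooling; the function names and every address are constructed (203.0.113.0/29 is a documentation range standing in for the assigned public IPs).

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_host_of(addr, net):
    """True if addr is a usable host address inside net."""
    return addr in net and addr not in (net.network_address, net.broadcast_address)

def check_nat_plan(lan_net, fw_lan, wan_net, fw_wan, router, hosts):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    lan, wan = ipaddress.ip_network(lan_net), ipaddress.ip_network(wan_net)
    fw_lan, fw_wan, router = (ipaddress.ip_address(a) for a in (fw_lan, fw_wan, router))
    problems = []
    # Step 1: the LAN is renumbered into a private range.
    if not any(lan.subnet_of(r) for r in RFC1918):
        problems.append(f"LAN {lan} is not a private (RFC 1918) range")
    # Step 2: the firewall's LAN address is a host on the LAN and is the
    # default gateway of the server and every workstation.
    if not is_host_of(fw_lan, lan):
        problems.append(f"firewall LAN address {fw_lan} is not a host on {lan}")
    for name, (ip, gw) in hosts.items():
        ip, gw = ipaddress.ip_address(ip), ipaddress.ip_address(gw)
        if not is_host_of(ip, lan) or ip == fw_lan:
            problems.append(f"{name}: {ip} is not a free host address on {lan}")
        if gw != fw_lan:
            problems.append(f"{name}: default gateway {gw} should be {fw_lan}")
    # Step 3: the firewall's WAN side sits on the public subnet next to the
    # router and uses the router as its default gateway.
    if wan.overlaps(lan) or any(wan.overlaps(r) for r in RFC1918):
        problems.append(f"WAN {wan} overlaps private address space")
    if not is_host_of(fw_wan, wan) or not is_host_of(router, wan) or fw_wan == router:
        problems.append(f"firewall WAN {fw_wan} and router {router} must be distinct hosts on {wan}")
    return problems

# Constructed plan: router = public address 1, firewall WAN = public address 2.
GOOD = dict(lan_net="192.168.1.0/24", fw_lan="192.168.1.1",
            wan_net="203.0.113.0/29", fw_wan="203.0.113.2", router="203.0.113.1",
            hosts={"dc01": ("192.168.1.10", "192.168.1.1")})
# Same plan, but the server was left on its old public address and gateway.
STALE = dict(GOOD, hosts={"dc01": ("203.0.113.3", "203.0.113.1")})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("stale server config", STALE)):
        print(label, "->", check_nat_plan(**plan) or "OK")
```

A server left on its old public address with the router as its gateway, the second plan above, is a common reason a machine that worked when wired straight to the router has no connectivity once it sits behind the firewall.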


Author Comment

ID: 24108201
Thanks to all. I am working on these suggestions. I will get back to you all.

Author Comment

ID: 24157981
Unfortunately I couldn't get things to work and hired someone.  He told me among other things that the firmware in the sonicwall appliance was corrupted.

Question has a verified solution.