Setting up Windows server behind firewall.

Posted on 2009-04-07
Last Modified: 2013-11-16
I have a new installation of Windows Server 2003 standard as a domain controller. I have a Sonicwall Pro 100 firewall. I have static IPs and a DSL connection. I have access to the router and firewall setup screens. When I connect the server to the router directly, the internet connection works fine, but not when it's behind the firewall.

What steps do I need to take to configure things for a standard but secure setup as the foundation for my small office LAN?
Question by: rreiss60

Assisted Solution

cmorffew earned 50 total points
ID: 24088724
Have you configured the Firewall to allow local LAN access?
Refer to pages 30-38 of the manual.

Make sure you configure for NAT enabled configuration, page 35.

If you don't have the manual, you can download it from here:
LVL 33

Assisted Solution

MikeKane earned 100 total points
ID: 24088794
Well,  general rule of thumb is to make things as restrictive as possible allowing only the services you need to bypass the firewall.   The firewall will control traffic going both in and out so it can enforce whatever security policies you have.  

For a basic setup, (and this is just an example), you would allow all hosts on the inside to go out to the web using the interface address for NAT, but block all incoming traffic.    

The Sonic Wall has a quickstart guide here:

It will give you a nice walk through in setting up that basic scenario.  

To better help define what your firewall would look like, you should begin by asking, "What do I want people to access?" and "What do I want the world to access in my network?"    

With those answered, you can begin a simple setup.
LVL 17

Accepted Solution

ccomley earned 200 total points
ID: 24088956
If you have it working withOUT the firewall, the easiest way would be to set the firewall up in transparent mode - this way the firewall does not act as a ROUTER and you use the same IP range both inside and out, i.e. it doesn't require you to re-number your networks.

The "default" rules on the Sonicwall will allow anything out and nothing in, which means you'll be able to browse and download, but outside users won't be able to access inwards - which is presumably what you'd want? If you do need inward access, e.g. for SMTP mail delivery, you need to start making rules for that.


If you don't want to use Transparent mode you'll have to use NAT. Which means the following steps.
1) Re-number your LAN to use a private address range ( is traditional but not compulsory - anything starting 192.168 or 10. will do!)
2) Set the Sonicwall LAN up as the (traditionally first or last) address on the private range, e.g. This is your Default Gateway for your server and workstations.
3) Set the Sonicwall WAN up on your assigned public IPs, the router will already have address 1, so give address 2 to the Sonicwall, set its default gateway to address 1.
4) Turn basic NAT on on the Sonicwall if it isn't - (it will be by default).

That should do it. You should now once again be in a position to see out, but no-one see in.
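
The NAT renumbering steps in the answer above can be sanity-checked before anything is plugged in. This is an added example, not part of the original answer or any Sonicwall tooling: `check_nat_plan` and every address in it are constructed for illustration (203.0.113.0/29 is a documentation range standing in for the assigned public block), and it also accepts 172.16.0.0/12, the third RFC 1918 range the answer does not list.

```python
import ipaddress

# RFC 1918 private ranges (step 1 of the answer)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable(ip, net):
    """True if ip is an assignable host address inside net."""
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def check_nat_plan(lan_net, fw_lan_ip, wan_net, router_ip, fw_wan_ip, hosts):
    """Return a list of problems in a NAT addressing plan; empty means consistent.

    hosts maps a machine name to (ip, default_gateway) as configured on it.
    """
    lan, wan = ipaddress.ip_network(lan_net), ipaddress.ip_network(wan_net)
    fw_lan, fw_wan, router = (ipaddress.ip_address(a)
                              for a in (fw_lan_ip, fw_wan_ip, router_ip))
    problems = []
    # Step 1: the LAN has been renumbered into a private range.
    if not any(lan.subnet_of(p) for p in RFC1918):
        problems.append(f"LAN {lan} is not a private range")
    # Step 2: the firewall's LAN address lives in that range and every
    # server/workstation uses it as default gateway.
    if not usable(fw_lan, lan):
        problems.append(f"firewall LAN address {fw_lan} is not a host address in {lan}")
    for name, (ip, gw) in hosts.items():
        ip, gw = ipaddress.ip_address(ip), ipaddress.ip_address(gw)
        if not usable(ip, lan):
            problems.append(f"{name}: {ip} is outside {lan}")
        if gw != fw_lan:
            problems.append(f"{name}: default gateway {gw} is not the firewall ({fw_lan})")
    # Step 3: router and firewall WAN share the public block, on different addresses.
    for label, ip in (("router", router), ("firewall WAN", fw_wan)):
        if not usable(ip, wan):
            problems.append(f"{label} address {ip} is not a host address in {wan}")
    if fw_wan == router:
        problems.append("firewall WAN address duplicates the router's address")
    return problems

# Constructed sample plans: GOOD follows the four steps; in BAD the server
# still carries its old public address and points at the router.
GOOD = dict(lan_net="192.168.1.0/24", fw_lan_ip="192.168.1.1",
            wan_net="203.0.113.0/29", router_ip="203.0.113.1",
            fw_wan_ip="203.0.113.2",
            hosts={"dc01": ("192.168.1.10", "192.168.1.1")})
BAD = dict(GOOD, hosts={"dc01": ("203.0.113.3", "203.0.113.1")})

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_nat_plan(**plan) or "consistent")
```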


Author Comment

ID: 24108201
Thanks to all. I am working on these suggestions. I will get back to you all.

Author Comment

ID: 24157981
Unfortunately I couldn't get things to work and hired someone.  He told me among other things that the firmware in the sonicwall appliance was corrupted.

Question has a verified solution.
