Setting up Windows server behind firewall.

Posted on 2009-04-07
Last Modified: 2013-11-16
I have a new installation of Windows Server 2003 standard as a domain controller.  I have a Sonicwall Pro 100 firewall.  I have static IP's and a DSL connection.  I have access to the router and firewall setup screens.  When I connect the server to the router directly, the internet connection works fine, but not when it's behind the firewall.

What steps do I need to take to configure things for a standard but secure setup as the foundation for my small office LAN?
Question by:rreiss60

Assisted Solution

cmorffew earned 50 total points
ID: 24088724
Have you configured the Firewall to allow local LAN access?
Refer to pages 30-38 of the manual.

make sure you configure for NAT enabled configuration page 35

If you dont have the manual - you can download it from here:
LVL 33

Assisted Solution

MikeKane earned 100 total points
ID: 24088794
Well,  general rule of thumb is to make things as restrictive as possible allowing only the services you need to bypass the firewall.   The firewall will control traffic going both in and out so it can enforce whatever security policies you have.  

For a basic setup, (and this is just an example), you would allow all hosts on the inside to go out to the web using the interface address for NAT, but block all incoming traffic.    

The Sonic Wall has a quickstart guide here:

It will give you a nice walk through in setting up that basic scenario.  

To better help define what your firewall would look like, you should begin by asking, "What do I want people to access?" and "What do I want the world to access in my network?"    

With those answered, you can begin a simple setup.
LVL 16

Accepted Solution

ccomley earned 200 total points
ID: 24088956
if you have it workign withOUT the firewall, easiest way would be to set the firewall up in transparent mode - this way the firewall does not act as a ROUTER and you use the same IP range both inside and out, i.e. it doesn't require you to re-number your networks.

The "default" rules on the Sonicwall will allow anything out and nothing in, which means you'll be able t browse and download, but outside users wont' be able to access inwards - which is presumably what you'd want? If you do need inward access, e.g. for SMTP mail delivery, you need to start making rules for that.


If you don't want to use Transparent mode you'll have to use NAT. Which means the following steps.
1) Re-numbre your LAN to use a private address range ( is traditional but not compulsory - anuthing starting 192.168 or 10. will do!
2) Set the Sonicwall LAN up as the (traditionallly first or last) address on the private range, e.g. This is your Default Gateway for your server and workstations.
3) Set the SonicwalL WAN up on your assigned public IPs, the router will already have address 1, so give address 2 to the Sonicwall, set it's default gateway to address 1.
4) Turn basic NAT on on the sonicwall if it isn't - (it will be by default).

That should do it. You should now once again be in a position to see out, but no-one see in.


Author Comment

ID: 24108201
Thanks to all. I am working on these suggestions. I will get back to you all.

Author Comment

ID: 24157981
Unfortunately I couldn't get things to work and hired someone.  He told me among other things that the firmware in the sonicwall appliance was corrupted.

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now