Setting up Windows server behind firewall.

I have a new installation of Windows Server 2003 Standard as a domain controller. I have a Sonicwall Pro 100 firewall. I have static IPs and a DSL connection. I have access to the router and firewall setup screens. When I connect the server to the router directly, the internet connection works fine, but not when it's behind the firewall.

What steps do I need to take to configure things for a standard but secure setup as the foundation for my small office LAN?
ccomley Commented:
If you have it working withOUT the firewall, easiest way would be to set the firewall up in transparent mode - this way the firewall does not act as a ROUTER and you use the same IP range both inside and out, i.e. it doesn't require you to re-number your networks.

The "default" rules on the Sonicwall will allow anything out and nothing in, which means you'll be able to browse and download, but outside users won't be able to access inwards - which is presumably what you'd want? If you do need inward access, e.g. for SMTP mail delivery, you need to start making rules for that.


If you don't want to use Transparent mode you'll have to use NAT, which means the following steps.
1) Re-number your LAN to use a private address range ( is traditional but not compulsory - anything starting 192.168 or 10. will do!)
2) Set the Sonicwall LAN up as the (traditionally first or last) address on the private range, e.g. This is your Default Gateway for your server and workstations.
3) Set the Sonicwall WAN up on your assigned public IPs, the router will already have address 1, so give address 2 to the Sonicwall, set its default gateway to address 1.
4) Turn basic NAT on on the Sonicwall if it isn't - (it will be by default).

That should do it. You should now once again be in a position to see out, but no-one see in.
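
The NAT steps in the comment above, turned into an addressing-plan check (an added example, not part of the original thread). The addresses, the host name dc01 and the plan layout are constructed; 203.0.113.0/29 is a documentation range standing in for the assigned public IPs.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private is also True for
# documentation ranges such as 203.0.113.0/24 (the stand-in public block below).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable(ip, net):
    """True if ip is an assignable host address inside net."""
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def check_nat_plan(plan):
    """Return a list of problems in a NAT addressing plan (empty list = consistent)."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    lan, wan = net(plan["lan"]), net(plan["wan"])
    fw_lan, fw_wan = ip(plan["fw_lan"]), ip(plan["fw_wan"])
    router, fw_gw = ip(plan["router"]), ip(plan["fw_wan_gateway"])
    problems = []
    # Step 1: the LAN is renumbered into private space, separate from the WAN block.
    if not any(lan.subnet_of(r) for r in RFC1918):
        problems.append(f"LAN {lan} is not RFC 1918 private space")
    if lan.overlaps(wan):
        problems.append(f"LAN {lan} overlaps WAN {wan}")
    # Step 2: the firewall's LAN address is every host's default gateway.
    if not usable(fw_lan, lan):
        problems.append(f"firewall LAN address {fw_lan} is not a host address in {lan}")
    for name, (addr, gw) in plan["hosts"].items():
        if not usable(ip(addr), lan) or ip(addr) == fw_lan:
            problems.append(f"{name}: address {addr} is not a free host address in {lan}")
        if ip(gw) != fw_lan:
            problems.append(f"{name}: default gateway {gw} should be {fw_lan}")
    # Step 3: the firewall's WAN address sits beside the router and routes through it.
    if not usable(router, wan):
        problems.append(f"router {router} is not a host address in {wan}")
    if not usable(fw_wan, wan) or fw_wan == router:
        problems.append(f"firewall WAN address {fw_wan} is not a free host address in {wan}")
    if fw_gw != router:
        problems.append(f"firewall WAN gateway {fw_gw} should be the router {router}")
    # Step 4: private LAN addresses only reach the internet through NAT.
    if not plan["nat_enabled"]:
        problems.append("NAT is disabled; private LAN addresses are not routable outside")
    return problems

# Constructed sample plan (all values are illustrative assumptions).
GOOD_PLAN = {"lan": "192.168.1.0/24", "fw_lan": "192.168.1.1",
             "wan": "203.0.113.0/29", "router": "203.0.113.1",
             "fw_wan": "203.0.113.2", "fw_wan_gateway": "203.0.113.1",
             "nat_enabled": True, "hosts": {"dc01": ("192.168.1.10", "192.168.1.1")}}
# Server still carrying the public address and gateway it used when wired to the router.
BAD_PLAN = dict(GOOD_PLAN, hosts={"dc01": ("203.0.113.3", "203.0.113.1")})
```

`check_nat_plan(BAD_PLAN)` reports both the leftover public address and the gateway that still points at the router instead of the firewall.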

cmorffew Commented:
Have you configured the Firewall to allow local LAN access?
Refer to pages 30-38 of the manual.

Make sure you configure for the NAT-enabled configuration, page 35.

If you don't have the manual - you can download it from here:
MikeKane Commented:
Well, general rule of thumb is to make things as restrictive as possible, allowing only the services you need to bypass the firewall. The firewall will control traffic going both in and out so it can enforce whatever security policies you have.

For a basic setup (and this is just an example), you would allow all hosts on the inside to go out to the web using the interface address for NAT, but block all incoming traffic.

The Sonic Wall has a quickstart guide here:

It will give you a nice walk through in setting up that basic scenario.  

To better help define what your firewall would look like, you should begin by asking, "What do I want people to access?" and "What do I want the world to access in my network?"    

With those answered, you can begin a simple setup.
rreiss60 (Author) Commented:
Thanks to all. I am working on these suggestions. I will get back to you all.
rreiss60 (Author) Commented:
Unfortunately I couldn't get things to work and hired someone.  He told me among other things that the firmware in the sonicwall appliance was corrupted.
Question has a verified solution.