Solved

SonicWALL NSA2400 NetBIOS between two subnet not work with IP Helper

Posted on 2009-05-05
3
1,737 Views
Last Modified: 2013-11-25
Hi all,

I am using SonicWALL NSA 2400, it work well with the VPN and other thing.

But not I am setting two subnet on two interface. Then the problem here.

On X0 interface is a Default LAN, I am using 192.168.18.x/24
On X1 interface is a Default WAN, with Static Public IP
On X2 interface, it is a Limit LAN (I named it) and I make this as are Public Zero (Like DMZ, but it is not using for DMZ, just other LAN with higher security) that holded 192.168.19.x/24 this LAN IP range.....

The problems is all setting are default, then I plug the workstation A1, A2 on X0, B1 on X2 interface...

The default firewall setting from LAN Limit to LAN is all thing disallow, so I add the NetBIOS Port open and SMB that need for file shared or Network Neigborad port open in the Firewall rules ... to make the B1 workstation can connect to some A1 and A2 workstation ...

The problems is this, only IP can work from the LAM Limit to LAN, other like NetBIOS Name that using \\abc will never work.

So I search the SonicWALL support, finded the IP Helper, then I enabled it and add the following policy also don't work.

X0 to X2 allow
X2 to X0 allow
Both are using Network Based IP and subnet ...

So I am totoal lose on that, if the netbios not work, it is not good for end-user, since some workstation much join the W2K3 AD and some workstation on the X2 interface not need to join the Domain...

On the Defult LAN X0 interface, all workstation are no problems both using IP or NetBIOS to connect to the share resource ....

Any suggest for me is welcome, and I am beginner on this case, so if have detail step by step is good for me.

Thank you.
0
Comment
Question by:explorer1979
3 Comments
 
LVL 16

Expert Comment

by:ccomley
ID: 24305165
NetBIOS won't work over a routed network.

SMB over TCP *will* work on a routed network but you may need to hepl it out.

If you have a WINS server, make sure all your workstations can see it , and know abotu it.

Otherwise, you may need to do one of (or a mixture of)

- using IP address, not server name, in SMB commands, e.g. Net Use f: \\192.168.1.1\Sharename
- put the IP address and server name in the HOSTS file of each system.

Either of which is going to be annoying if you later decide to renumber, of course. Such is life.

0
 

Author Comment

by:explorer1979
ID: 24321991
Hi ccomley,

  We haven't WINS Server, since we just have two DC, and many book also suggestion don't run the WINS on DC.

  If we add WINS Server, do also need two server? One place on the 192.168.18.x subnet, and other place on the 192.168.19.x subnet?

  Where are the HOSTS files? This files is place on the client side workstation or other place?

  Thank you very much again.
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 250 total points
ID: 24347259
Don't mess with the HOSTS file. You want the LMHOST File between domain master browsers of each site.

HOST files are for DNS lookups, in the event you don't have a DNS server.

LMHOST files are for WINS lookups, in the event you don't have a WINS server.

Since SMB or netbios shares are highly targeted, you should check with sonic wall customer service to see how they secure SMB sharing between subnets. I think SonicWall can do so. That would be your best and most secure method to access network shares.
http://www.sonicwall.com/us/products/3871.html

If that will not work for you, then a WINS connection between both domain servers, or an LMHOST on both servers will work for you. These LMHOST Files are editable with a text editor, like notepad.
C:\Windows\system32\drivers\ect\LMHost
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
increase internet speed 3 56
ASA Shunning internal IP 10 32
Dropbox sharing 4 27
Firewall port opening 2 22
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now