Solved

New Pro 2040 Sonicwall - I need to get to a public address from within the network

Posted on 2009-07-07
6
856 Views
Last Modified: 2012-05-07
I have just installed a new Sonicwall Pro 2040 firewall.  I have a server that I need to get to from the outside.   I created a one to one NAT and that works 100% fine when access from outside the network.  
However, when I try to access the server from INSIDE the network, I am unable.  Any ideas?

Here is the setup:
host1.company.com - public 67.8.8.57
host2 - private 10.1.1.57
one to one NAT from 67.8.8.57 to 10.1.1.57

If I ping host1.company.com from inside the 10.1.1.x network, I get a request timed out.
If I ping host1.company.com from the internet, I get successful pings.
If I ping host1.company.com from our MPLS office, I get successful pings.

I had an old Pro 200 Sonicwall with this exact same setup and I was able to ping from within the network.

Thanks!
0
Comment
Question by:scottvin
  • 3
  • 3
6 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24801996
Usually with most hardware firewall ingress and egress interface for a packet cannot be same; also called event horizon problem; as a result you are facing the problem.
Very few vendors like cisco have solution for this problem by implementing something called hairpin.

Well there is no setting on the Sonicwall firewall which would solve this issue; but there are workarounds.

1. Configure the internal DNS caching server for two zones, which would resolve to internal IP for local clients and to public IP for others.

2. You can edit the hosts file on each machine and configure local IP there, so all the packets would go to the internal server.

3. Use internal IP instead.

Thank you.
0
 

Author Comment

by:scottvin
ID: 24803408
I see.. So the early Sonicwalls allowed this type of behavior and the new ones don't?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24803687
I am not too sure why it worked on older firewall in the first place. May be there was some internal DNS entry earlier which might have been modified/deleted.

Can you update if there is any change which was done on the network, other than replacing the firewall.

Thank you.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:scottvin
ID: 24803712
Yes, we changed over to a new ISP as well but I am sure it is the new firewall.  The old one was over 6 years old.

We are going with option #2 by the way.  It's only a handful of machines but I wanted to see if it's possible.

Thanks!
0
 

Author Closing Comment

by:scottvin
ID: 31600698
Nice, quick, concise answer!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24809986
Thank you.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stuck in INIT/DROTHER 2 50
WiFi Routers with Guest Network capability 14 75
Cisco ASA blocks some https sites. 27 43
FTP Transfer Speeds ... 6 54
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question