Solved

New Pro 2040 Sonicwall - I need to get to a public address from within the network

Posted on 2009-07-07
6
845 Views
Last Modified: 2012-05-07
I have just installed a new Sonicwall Pro 2040 firewall.  I have a server that I need to get to from the outside.   I created a one to one NAT and that works 100% fine when access from outside the network.  
However, when I try to access the server from INSIDE the network, I am unable.  Any ideas?

Here is the setup:
host1.company.com - public 67.8.8.57
host2 - private 10.1.1.57
one to one NAT from 67.8.8.57 to 10.1.1.57

If I ping host1.company.com from inside the 10.1.1.x network, I get a request timed out.
If I ping host1.company.com from the internet, I get successful pings.
If I ping host1.company.com from our MPLS office, I get successful pings.

I had an old Pro 200 Sonicwall with this exact same setup and I was able to ping from within the network.

Thanks!
0
Comment
Question by:scottvin
  • 3
  • 3
6 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24801996
Usually with most hardware firewall ingress and egress interface for a packet cannot be same; also called event horizon problem; as a result you are facing the problem.
Very few vendors like cisco have solution for this problem by implementing something called hairpin.

Well there is no setting on the Sonicwall firewall which would solve this issue; but there are workarounds.

1. Configure the internal DNS caching server for two zones, which would resolve to internal IP for local clients and to public IP for others.

2. You can edit the hosts file on each machine and configure local IP there, so all the packets would go to the internal server.

3. Use internal IP instead.

Thank you.
0
 

Author Comment

by:scottvin
ID: 24803408
I see.. So the early Sonicwalls allowed this type of behavior and the new ones don't?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24803687
I am not too sure why it worked on older firewall in the first place. May be there was some internal DNS entry earlier which might have been modified/deleted.

Can you update if there is any change which was done on the network, other than replacing the firewall.

Thank you.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:scottvin
ID: 24803712
Yes, we changed over to a new ISP as well but I am sure it is the new firewall.  The old one was over 6 years old.

We are going with option #2 by the way.  It's only a handful of machines but I wanted to see if it's possible.

Thanks!
0
 

Author Closing Comment

by:scottvin
ID: 31600698
Nice, quick, concise answer!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24809986
Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now