Solved

New Pro 2040 Sonicwall - I need to get to a public address from within the network

Posted on 2009-07-07
6
869 Views
Last Modified: 2012-05-07
I have just installed a new Sonicwall Pro 2040 firewall.  I have a server that I need to get to from the outside.   I created a one to one NAT and that works 100% fine when access from outside the network.  
However, when I try to access the server from INSIDE the network, I am unable.  Any ideas?

Here is the setup:
host1.company.com - public 67.8.8.57
host2 - private 10.1.1.57
one to one NAT from 67.8.8.57 to 10.1.1.57

If I ping host1.company.com from inside the 10.1.1.x network, I get a request timed out.
If I ping host1.company.com from the internet, I get successful pings.
If I ping host1.company.com from our MPLS office, I get successful pings.

I had an old Pro 200 Sonicwall with this exact same setup and I was able to ping from within the network.

Thanks!
0
Comment
Question by:scottvin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24801996
Usually with most hardware firewall ingress and egress interface for a packet cannot be same; also called event horizon problem; as a result you are facing the problem.
Very few vendors like cisco have solution for this problem by implementing something called hairpin.

Well there is no setting on the Sonicwall firewall which would solve this issue; but there are workarounds.

1. Configure the internal DNS caching server for two zones, which would resolve to internal IP for local clients and to public IP for others.

2. You can edit the hosts file on each machine and configure local IP there, so all the packets would go to the internal server.

3. Use internal IP instead.

Thank you.
0
 

Author Comment

by:scottvin
ID: 24803408
I see.. So the early Sonicwalls allowed this type of behavior and the new ones don't?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24803687
I am not too sure why it worked on older firewall in the first place. May be there was some internal DNS entry earlier which might have been modified/deleted.

Can you update if there is any change which was done on the network, other than replacing the firewall.

Thank you.
0
Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

 

Author Comment

by:scottvin
ID: 24803712
Yes, we changed over to a new ISP as well but I am sure it is the new firewall.  The old one was over 6 years old.

We are going with option #2 by the way.  It's only a handful of machines but I wanted to see if it's possible.

Thanks!
0
 

Author Closing Comment

by:scottvin
ID: 31600698
Nice, quick, concise answer!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24809986
Thank you.
0

Featured Post

Everything You Need to Know about Petya 2.0

Get an overview of the what, when and how of Petya 2.0  from our threat analyst Marc Labilerte, as well as a look at how WatchGuard Total Security Suite protected our customers from the recent attack!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question