Solved

New Pro 2040 Sonicwall - I need to get to a public address from within the network

Posted on 2009-07-07
6
851 Views
Last Modified: 2012-05-07
I have just installed a new Sonicwall Pro 2040 firewall.  I have a server that I need to get to from the outside.   I created a one to one NAT and that works 100% fine when access from outside the network.  
However, when I try to access the server from INSIDE the network, I am unable.  Any ideas?

Here is the setup:
host1.company.com - public 67.8.8.57
host2 - private 10.1.1.57
one to one NAT from 67.8.8.57 to 10.1.1.57

If I ping host1.company.com from inside the 10.1.1.x network, I get a request timed out.
If I ping host1.company.com from the internet, I get successful pings.
If I ping host1.company.com from our MPLS office, I get successful pings.

I had an old Pro 200 Sonicwall with this exact same setup and I was able to ping from within the network.

Thanks!
0
Comment
Question by:scottvin
  • 3
  • 3
6 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24801996
Usually with most hardware firewall ingress and egress interface for a packet cannot be same; also called event horizon problem; as a result you are facing the problem.
Very few vendors like cisco have solution for this problem by implementing something called hairpin.

Well there is no setting on the Sonicwall firewall which would solve this issue; but there are workarounds.

1. Configure the internal DNS caching server for two zones, which would resolve to internal IP for local clients and to public IP for others.

2. You can edit the hosts file on each machine and configure local IP there, so all the packets would go to the internal server.

3. Use internal IP instead.

Thank you.
0
 

Author Comment

by:scottvin
ID: 24803408
I see.. So the early Sonicwalls allowed this type of behavior and the new ones don't?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24803687
I am not too sure why it worked on older firewall in the first place. May be there was some internal DNS entry earlier which might have been modified/deleted.

Can you update if there is any change which was done on the network, other than replacing the firewall.

Thank you.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:scottvin
ID: 24803712
Yes, we changed over to a new ISP as well but I am sure it is the new firewall.  The old one was over 6 years old.

We are going with option #2 by the way.  It's only a handful of machines but I wanted to see if it's possible.

Thanks!
0
 

Author Closing Comment

by:scottvin
ID: 31600698
Nice, quick, concise answer!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24809986
Thank you.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS Server 2011 does not recognize a PC as being Online 8 50
IPv6 NAT to IPv4 27 49
Running a 2nd company from the same location 3 44
Ping configured interface on Sonicwall 16 48
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question