Solved

New Pro 2040 Sonicwall - I need to get to a public address from within the network

Posted on 2009-07-07
Last Modified: 2012-05-07
I have just installed a new Sonicwall Pro 2040 firewall. I have a server that I need to get to from the outside. I created a one-to-one NAT and that works 100% fine when accessed from outside the network.
However, when I try to access the server from INSIDE the network, I am unable.  Any ideas?

Here is the setup:
host1.company.com - public 67.8.8.57
host2 - private 10.1.1.57
one to one NAT from 67.8.8.57 to 10.1.1.57

If I ping host1.company.com from inside the 10.1.1.x network, I get a request timed out.
If I ping host1.company.com from the internet, I get successful pings.
If I ping host1.company.com from our MPLS office, I get successful pings.

I had an old Pro 200 Sonicwall with this exact same setup and I was able to ping from within the network.

Thanks!
Question by:scottvin
6 Comments
 

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24801996
Usually, with most hardware firewalls, the ingress and egress interface for a packet cannot be the same; this is also called the event horizon problem; as a result, you are facing the problem.
Very few vendors, like Cisco, have a solution for this problem by implementing something called hairpin.

Well, there is no setting on the Sonicwall firewall which would solve this issue, but there are workarounds.

1. Configure the internal DNS caching server for two zones, which would resolve to the internal IP for local clients and to the public IP for others.

2. You can edit the hosts file on each machine and configure the local IP there, so all the packets would go to the internal server.

3. Use internal IP instead.

Thank you.
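
Added example, not part of the original answer: a sketch of workaround 2 that rewrites hosts-file text so the public name resolves to the private address, without duplicating entries or losing other aliases and comments. The function names and the sample file are constructed for illustration; the host name and addresses are the ones given in the question.

```python
import ipaddress

# Constructed sample; names and addresses are the ones from the question.
SAMPLE = (
    "# constructed sample hosts file\n"
    "127.0.0.1\tlocalhost\n"
    "67.8.8.57\thost1.company.com host1   # old public mapping\n"
)

def lookup(hosts_text, name):
    """Return the first address the hosts text gives for name, or None."""
    for line in hosts_text.splitlines():
        fields = line.partition("#")[0].split()
        if len(fields) >= 2 and name.lower() in (n.lower() for n in fields[1:]):
            return fields[0]
    return None

def pin_host(hosts_text, name, ip):
    """Return hosts text in which name maps only to ip (idempotent)."""
    ipaddress.ip_address(ip)            # raises ValueError on a malformed address
    wanted, out, pinned = name.lower(), [], False
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or wanted not in (n.lower() for n in fields[1:]):
            out.append(line)            # comment, blank or unrelated entry
            continue
        if fields[0] == ip and not pinned:
            out.append(line)            # already correct, keep as written
            pinned = True
            continue
        # Stale or duplicate mapping: drop our name, keep other aliases.
        others = [n for n in fields[1:] if n.lower() != wanted]
        if others:
            tail = " " + sep + comment if sep else ""
            out.append(fields[0] + "\t" + " ".join(others) + tail)
    if not pinned:
        out.append(ip + "\t" + name)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(pin_host(SAMPLE, "host1.company.com", "10.1.1.57"), end="")
```

The hosts file is `C:\Windows\System32\drivers\etc\hosts` on Windows and `/etc/hosts` on Unix-like systems, and writing to it requires administrator rights. A pinned entry overrides DNS on that machine, so it has to be updated by hand if the server's private address ever changes.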
 

Author Comment

by:scottvin
ID: 24803408
I see. So the early Sonicwalls allowed this type of behavior and the new ones don't?

Expert Comment

by:dpk_wal
ID: 24803687
I am not too sure why it worked on the older firewall in the first place. Maybe there was some internal DNS entry earlier which might have been modified/deleted.

Can you update if there is any change which was done on the network, other than replacing the firewall?

Thank you.

Author Comment

by:scottvin
ID: 24803712
Yes, we changed over to a new ISP as well but I am sure it is the new firewall.  The old one was over 6 years old.

We are going with option #2 by the way.  It's only a handful of machines but I wanted to see if it's possible.

Thanks!
 

Author Closing Comment

by:scottvin
ID: 31600698
Nice, quick, concise answer!

Expert Comment

by:dpk_wal
ID: 24809986
Thank you.