johnnypinaz

Setup server on DMZ with ports 443 open behind Sonicwall Firewall

I need to know how to configure a SonicWall to allow port 443 traffic from outside to a server on the DMZ.
smallinternetsolutions

I think this is what you're looking for:
The Services page displays the Network Access Rules (By Service) table. Rules are sorted from the most specific at the top, to less specific at the bottom of the table. At the bottom of the table is the Any rule. The Any rule is all IP services except those listed in the Services page. Rules can be created to override the behavior of the Any rule; for example, the Any rule allows users on the LAN to access all Internet services, including NNTP News. However, LAN access to NNTP can be unblocked by deselecting LAN Out corresponding to the NNTP News service.

Network Access Rules are management tools that allow you to define inbound and outbound access policy, configure user authentication, and enable remote management of the SonicWALL. By default, the SonicWALL’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined by the “Default” stateful inspection packet rule enabled in the SonicWALL:

•Allow all sessions originating from the LAN to the WAN and DMZ.

More info: http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Services.htm
SOLUTION
digitap
This solution is only available to members.
There are a few things you need to do:

The first thing you need to do is add a couple of network address objects, one for the external IP address and one for the internal IP address. Then you need to set up a NAT policy allowing all traffic (or just the specific HTTPS traffic if you want to be more secure) that would point the external IP to the internal IP. The other thing is you need to add a Firewall Access Rule that allows HTTPS traffic to the external IP address object from your WAN to LAN.
Er, sorry, I meant from WAN to DMZ, not LAN.
johnnypinaz

ASKER

I think I'm closer, but now I realise my DMZ doesn't talk to my LAN. I'm sure there is no rule for that. I tried to make a rule that said just let all services go through, but that didn't work. I can't even ping a server of the gateway from LAN to DMZ or the other way around.

It depends on if you created the DMZ to be trusted. You can determine this by going to Firewall > DMZ to LAN and vice versa. My guess is it's deny.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Thanks everyone. It was a little of everything. Improper rules mostly. I did learn something huge though. I never knew you could set priorities for rules. Thanks for all of your help! I'm working great now.
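
The rule-priority issue mentioned in the closing comment, as an added example that is not part of the thread and is not SonicWall code: a simplified first-match model of access rules that flags a WAN-to-DMZ HTTPS allow rule shadowed by a broader deny placed above it. The `Rule` fields, zone names and both sample rule sets are constructed for illustration, and "lower priority number is evaluated first, implicit deny at the end" is an assumption of the model.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    priority: int   # assumption: lower number is evaluated first
    src_zone: str
    dst_zone: str
    service: str    # "https" stands for TCP 443; ANY matches every service
    action: str     # "allow" or "deny"

def _covers(a, b):
    """True when field value a matches everything field value b matches."""
    return a == ANY or a == b

def covers(outer, inner):
    """True when rule `outer` matches every packet that `inner` matches."""
    return (_covers(outer.src_zone, inner.src_zone)
            and _covers(outer.dst_zone, inner.dst_zone)
            and _covers(outer.service, inner.service))

def decide(rules, src_zone, dst_zone, service):
    """First matching rule in priority order wins; no match means deny."""
    probe = Rule(0, src_zone, dst_zone, service, "")
    for rule in sorted(rules, key=lambda r: r.priority):
        if covers(rule, probe):
            return rule.action
    return "deny"

def shadowed(rules):
    """Return (rule, blocker) pairs: rules that can never take effect because
    an earlier rule with the opposite action already covers all their traffic."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, rule):
                if earlier.action != rule.action:
                    found.append((rule, earlier))
                break  # the first covering rule decides the outcome
    return found

# Constructed sample: the broad WAN deny sits above the specific HTTPS allow.
BROKEN = [Rule(1, "wan", ANY, ANY, "deny"),
          Rule(2, "wan", "dmz", "https", "allow"),
          Rule(3, "lan", "dmz", ANY, "allow")]
# Same rules with the specific allow moved to the higher priority.
FIXED = [Rule(1, "wan", "dmz", "https", "allow"),
         Rule(2, "wan", ANY, ANY, "deny"),
         Rule(3, "lan", "dmz", ANY, "allow")]
```

Running `shadowed()` over an exported rule list before and after a change shows whether a new allow rule is actually reachable, and `decide()` confirms that only the intended WAN-to-DMZ HTTPS flow was opened.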