Solved

Setup server on DMZ with ports 443 open behind Sonicwall Firewall

Posted on 2011-02-15
Last Modified: 2012-05-11
I need to know how to configure a SonicWALL to allow port 443 traffic from outside to a server on the DMZ.
Question by:johnnypinaz

Expert Comment

by:smallinternetsolutions
ID: 34900982
I think this is what you're looking for:
The Services page displays the Network Access Rules (By Service) table. Rules are sorted from the most specific at the top, to less specific at the bottom of the table. At the bottom of the table is the Any rule. The Any rule is all IP services except those listed in the Services page. Rules can be created to override the behavior of the Any rule; for example, the Any rule allows users on the LAN to access all Internet services, including NNTP News. However, LAN access to NNTP can be unblocked by deselecting LAN Out corresponding to the NNTP News service.

Network Access Rules are management tools that allow you to define inbound and outbound access policy, configure user authentication, and enable remote management of the SonicWALL. By default, the SonicWALL’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined by the “Default” stateful inspection packet rule enabled in the SonicWALL:

• Allow all sessions originating from the LAN to the WAN and DMZ.

More info: http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Services.htm
 
LVL 33

Assisted Solution

by:digitap
digitap earned 1000 total points
ID: 34901003
What model of SonicWALL, and is it Enhanced or Standard OS? This can be found on the System > Status page.

If Enhanced, you can use the Public Server Wizard.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027


If Standard:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3703
 
LVL 5

Expert Comment

by:Noduzz
ID: 34901070
There are a few things you need to do:

The first thing you need to do is add a couple of network address objects, one for the external IP address and one for the internal IP address. Then you need to set up a NAT policy allowing all traffic (or just the specific HTTPS traffic if you want to be more secure) that would point the external IP to the internal IP. The other thing is you need to add a Firewall Access Rule that allows HTTPS traffic to the external IP address object from your WAN to LAN.
 
LVL 5

Expert Comment

by:Noduzz
ID: 34901079
Er, sorry, I meant from WAN to DMZ, not LAN.
 

Author Comment

by:johnnypinaz
ID: 34901300
I think I'm closer, but now I realise my DMZ doesn't talk to my LAN. I'm sure there is no rule for that. I tried to make a rule that said just let all services go through, but that didn't work. I can't even ping a server or the gateway from LAN to DMZ or the other way around.
 
LVL 33

Expert Comment

by:digitap
ID: 34901380
It depends on whether you created the DMZ to be trusted. You can determine this by going to Firewall > DMZ to LAN and vice versa. My guess is it's deny.
 
LVL 5

Accepted Solution

by:Noduzz
Noduzz earned 1000 total points
ID: 34901391
Yeah, by default DMZ to LAN traffic is disabled (and for good reason). That being said, you should be able to create a rule from your DMZ to LAN without a problem; you just need to make sure the rule is a higher priority than the new all traffic, which it shouldn't let you create one under, so I'm not sure why that would not be working. Have you verified your address objects are the correct IPs? When you send traffic over that connection, do you see anything in your logs about it being blocked?
 

Author Comment

by:johnnypinaz
ID: 34906724
Thanks everyone. It was a little of everything. Improper rules mostly. I did learn something huge though. I never knew you could set priorities for rules. Thanks for all of your help! I'm working great now.
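
As an added illustration (not code from the thread and not SonicOS configuration syntax), the sketch below models the pieces discussed above: a NAT policy mapping a public address on port 443 to a DMZ server, a WAN to DMZ access rule, and first-match evaluation by priority, which is why a DMZ to LAN allow rule ranked below a blanket deny never fires. The addresses, the port 1433 rule and all names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample address objects (documentation/private ranges).
PUBLIC_IP, DMZ_SERVER, LAN_HOST = "203.0.113.10", "172.16.0.10", "192.168.1.20"
# NAT policy: HTTPS on the public address is translated to the DMZ server.
NAT = {(PUBLIC_IP, 443): (DMZ_SERVER, 443)}

@dataclass(frozen=True)
class Rule:
    priority: int                 # lower number is evaluated first
    src_zone: str
    dst_zone: str
    port: Optional[int]           # None = any service
    action: str                   # "allow" or "deny"
    dst_ip: Optional[str] = None  # None = any destination

    def matches(self, src_zone, dst_zone, dst_ip, port):
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and self.port in (None, port) and self.dst_ip in (None, dst_ip))

def decide(rules, src_zone, dst_zone, dst_ip, port):
    """Action of the first matching rule in priority order; drop if none match."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_zone, dst_zone, dst_ip, port):
            return rule.action
    return "deny"

def inbound(rules, public_ip, port):
    """WAN packet to a public IP: apply NAT, then evaluate WAN -> DMZ rules."""
    target = NAT.get((public_ip, port))
    return decide(rules, "WAN", "DMZ", *target) if target else "deny"

def shadowed(rules):
    """Allow rules that can never fire because an earlier deny covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [r for i, r in enumerate(ordered) if r.action == "allow" and any(
        e.action == "deny" and e.matches(r.src_zone, r.dst_zone, r.dst_ip, r.port)
        for e in ordered[:i])]

HTTPS_IN = Rule(1, "WAN", "DMZ", 443, "allow", DMZ_SERVER)
# Misordered: the blanket DMZ -> LAN deny outranks the narrow allow (port 1433
# to one LAN host is a constructed example of a service the DMZ server needs).
BROKEN = [HTTPS_IN, Rule(2, "DMZ", "LAN", None, "deny"),
          Rule(3, "DMZ", "LAN", 1433, "allow", LAN_HOST)]
# Corrected: the narrow allow is given the higher priority.
FIXED = [HTTPS_IN, Rule(2, "DMZ", "LAN", 1433, "allow", LAN_HOST),
         Rule(3, "DMZ", "LAN", None, "deny")]

if __name__ == "__main__":
    print(inbound(FIXED, PUBLIC_IP, 443), decide(BROKEN, "DMZ", "LAN", LAN_HOST, 1433),
          decide(FIXED, "DMZ", "LAN", LAN_HOST, 1433), shadowed(BROKEN))
```

Running `shadowed()` over an exported rule list is a quick way to spot allow rules that sit below a deny covering the same zones and service.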