dwaynem2345
asked on
unable to get to the internet behind tz 100
unable to get out from behind the firewall TZ 100, can ping www.google.com for diagnostics, and site to site vpn works
ASKER
lan to wan any
ASKER
it is a small office home office and no domain controller
Do you mean no access to the web? :80 ?
ASKER
correct...I can through diagnostics, just cant from any machine i hook up to it....I can even get into the firewall remotely, very odd.
*I am not familiar with that firewall*
in general you need two rules: incoming and outgoing. "lan to wan any" is one, what is the other?
something like "wan to lan ..."
in general you need two rules: incoming and outgoing. "lan to wan any" is one, what is the other?
something like "wan to lan ..."
how about wan to lan any? Put that in place and verify the firewall is the problem.
ASKER
i did that...and still no go....but like i said, site to site vpn works just fine.
what is your routing table looks like on that firewall?
do you have a router in front of firewall? does it have correct default route?
do you have a router in front of firewall? does it have correct default route?
Troubleshooting guide here - http://www.sonicwall.com.tw/downloads/SonicWALL_TZ_100_200_Series_Getting_Started_Guide.pdf
site to site vpn is going to use IP not DNS so we at least now that your internet is up. the fact that you can ping www.google.com says DNS is resolving properly.
go to system > diagnostics of your sonicwall and select Ping from the drop down. choose 4.2.2.2 first. if that pings properly, ping www.google.com. if it pings successfully, then ping www.ibm.com or whatever. if it pings successfully, then your sonicwall is resolving DNS properly.
if you aren't able to ping those devices properly from a workstation then you've got an internal DNS resolution issue. how are your internal hosts resolving DNS? is it from a central server? if you replace the DNS server IP of one of your workstations with 4.2.2.2, is it able to get to internet hosts by name?
also, when you added the WAN > LAN Any on your firewall, you opened up your firewall to the internet. you want to delete that firewall rule or change it immediately!
go to system > diagnostics of your sonicwall and select Ping from the drop down. choose 4.2.2.2 first. if that pings properly, ping www.google.com. if it pings successfully, then ping www.ibm.com or whatever. if it pings successfully, then your sonicwall is resolving DNS properly.
if you aren't able to ping those devices properly from a workstation then you've got an internal DNS resolution issue. how are your internal hosts resolving DNS? is it from a central server? if you replace the DNS server IP of one of your workstations with 4.2.2.2, is it able to get to internet hosts by name?
also, when you added the WAN > LAN Any on your firewall, you opened up your firewall to the internet. you want to delete that firewall rule or change it immediately!
ASKER
i did disable that rule already, i can get to the internet from the firewall, just nothing that is directly hooked up to it.
ok...change the DNS server IP of one of your workstations to use 4.2.2.2 and try to get to the internet. can you ping 4.2.2.2 from one of your workstations behind the tz100?
ASKER
i cannot ping that
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you have a rule in place that allow lan to wan traffic? Is it enabled?