[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

unable to get to the internet behind tz 100

Posted on 2011-03-11
15
Medium Priority
?
713 Views
Last Modified: 2013-11-16
unable to get out from behind the firewall TZ 100, can ping www.google.com for diagnostics, and site to site vpn works
0
Comment
Question by:dwaynem2345
  • 6
  • 3
  • 2
  • +2
15 Comments
 
LVL 2

Expert Comment

by:jimponder
ID: 35111988
On your domain controller: ipconfig /flushdns.
Do you have a rule in place that allow lan to wan traffic?  Is it enabled?
0
 

Author Comment

by:dwaynem2345
ID: 35111990
lan to wan any
0
 

Author Comment

by:dwaynem2345
ID: 35112005
it is a small office home office and no domain controller
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 30

Expert Comment

by:Randy Downs
ID: 35112049
Do you mean no access to the web? :80 ?
0
 

Author Comment

by:dwaynem2345
ID: 35112054
correct...I can through diagnostics, just cant from any machine i hook up to it....I can even get into the firewall remotely, very odd.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35112061
*I am not familiar with that firewall*

in general you need two rules: incoming and outgoing. "lan to wan any" is one, what is the other?

something like "wan to lan ..."
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35112070
how about wan to lan any?  Put that in place and verify the firewall is the problem.  
0
 

Author Comment

by:dwaynem2345
ID: 35112075
i did that...and still no go....but like i said, site to site vpn works just fine.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35112108
what is your routing table looks like on that firewall?

do you have a router in front of firewall? does it have correct default route?
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35112113
0
 
LVL 33

Expert Comment

by:digitap
ID: 35112192
site to site vpn is going to use IP not DNS so we at least now that your internet is up. the fact that you can ping www.google.com says DNS is resolving properly.

go to system > diagnostics of your sonicwall and select Ping from the drop down. choose 4.2.2.2 first. if that pings properly, ping www.google.com. if it pings successfully, then ping www.ibm.com or whatever. if it pings successfully, then your sonicwall is resolving DNS properly.

if you aren't able to ping those devices properly from a workstation then you've got an internal DNS resolution issue. how are your internal hosts resolving DNS? is it from a central server? if you replace the DNS server IP of one of your workstations with 4.2.2.2, is it able to get to internet hosts by name?

also, when you added the WAN > LAN Any on your firewall, you opened up your firewall to the internet. you want to delete that firewall rule or change it immediately!
0
 

Author Comment

by:dwaynem2345
ID: 35112207
i did disable that rule already, i can get to the internet from the firewall, just nothing that is directly hooked  up to it.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35112229
ok...change the DNS server IP of one of your workstations to use 4.2.2.2 and try to get to the internet. can you ping 4.2.2.2 from one of your workstations behind the tz100?
0
 

Author Comment

by:dwaynem2345
ID: 35112312
i cannot ping that
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 35112346
ok...it seems like a routing issue. compare the IP address of the LAN interface of your tz100 to the gateway IP of the workstation that is unable to ping 4.2.2.2? is there a difference? what's handling IP assignments, an internal Windows DHCP server or the sonicwall?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question