Solved

unable to get to the internet behind tz 100

Posted on 2011-03-11
15
709 Views
Last Modified: 2013-11-16
unable to get out from behind the firewall TZ 100, can ping www.google.com for diagnostics, and site to site vpn works
Question by:dwaynem2345
15 Comments
 
LVL 2

Expert Comment

by:jimponder
ID: 35111988
On your domain controller: ipconfig /flushdns.
Do you have a rule in place that allows lan to wan traffic? Is it enabled?
0
 

Author Comment

by:dwaynem2345
ID: 35111990
lan to wan any
0
 

Author Comment

by:dwaynem2345
ID: 35112005
it is a small office home office and no domain controller
0
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35112049
Do you mean no access to the web? :80 ?
0
 

Author Comment

by:dwaynem2345
ID: 35112054
correct...I can through diagnostics, just can't from any machine I hook up to it....I can even get into the firewall remotely, very odd.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35112061
*I am not familiar with that firewall*

in general you need two rules: incoming and outgoing. "lan to wan any" is one, what is the other?

something like "wan to lan ..."
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35112070
how about wan to lan any?  Put that in place and verify the firewall is the problem.  
0
 

Author Comment

by:dwaynem2345
ID: 35112075
i did that...and still no go....but like i said, site to site vpn works just fine.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35112108
what does your routing table look like on that firewall?

do you have a router in front of firewall? does it have correct default route?
0
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35112113
0
 
LVL 33

Expert Comment

by:digitap
ID: 35112192
site to site vpn is going to use IP not DNS so we at least know that your internet is up. the fact that you can ping www.google.com says DNS is resolving properly.

go to system > diagnostics of your sonicwall and select Ping from the drop down. choose 4.2.2.2 first. if that pings properly, ping www.google.com. if it pings successfully, then ping www.ibm.com or whatever. if it pings successfully, then your sonicwall is resolving DNS properly.

if you aren't able to ping those devices properly from a workstation then you've got an internal DNS resolution issue. how are your internal hosts resolving DNS? is it from a central server? if you replace the DNS server IP of one of your workstations with 4.2.2.2, is it able to get to internet hosts by name?

also, when you added the WAN > LAN Any on your firewall, you opened up your firewall to the internet. you want to delete that firewall rule or change it immediately!
0
 

Author Comment

by:dwaynem2345
ID: 35112207
i did disable that rule already, i can get to the internet from the firewall, just nothing that is directly hooked up to it.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35112229
ok...change the DNS server IP of one of your workstations to use 4.2.2.2 and try to get to the internet. can you ping 4.2.2.2 from one of your workstations behind the tz100?
0
 

Author Comment

by:dwaynem2345
ID: 35112312
i cannot ping that
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35112346
ok...it seems like a routing issue. compare the IP address of the LAN interface of your tz100 to the gateway IP of the workstation that is unable to ping 4.2.2.2? is there a difference? what's handling IP assignments, an internal Windows DHCP server or the sonicwall?
0
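
The triage digitap walks through in this thread (ping 4.2.2.2 from the workstation, then ping by name, then compare the workstation's gateway with the TZ 100 LAN IP), written out as an added example that is not part of the original thread. The `ipconfig` output, the firewall LAN address and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: `ipconfig` output from a workstation behind the firewall.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.168.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""


def parse_ipconfig(text):
    """Return (interface, gateway) for the first IPv4 adapter in the output."""
    def field(label):
        m = re.search(label + r"[ .]*: *(\d+\.\d+\.\d+\.\d+)", text)
        return m.group(1) if m else None

    addr, mask = field(r"IP(?:v4)? Address"), field("Subnet Mask")
    if not addr or not mask:
        raise ValueError("no IPv4 address and mask found")
    gw = field("Default Gateway")
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    return iface, (ipaddress.ip_address(gw) if gw else None)


def diagnose(ipconfig_text, firewall_lan_ip, ping_ip_ok, ping_name_ok):
    """Classify the fault from the two workstation pings, then check the gateway."""
    if ping_ip_ok:
        # Ping by IP works, so routing is fine; only name resolution can be at fault.
        return ("ok" if ping_name_ok else "dns"), []
    iface, gw = parse_ipconfig(ipconfig_text)
    fw = ipaddress.ip_address(firewall_lan_ip)
    findings = []
    if gw is None:
        findings.append("no default gateway set on the workstation")
    else:
        if gw != fw:
            findings.append(f"gateway {gw} is not the firewall LAN IP {fw}")
        if gw not in iface.network:
            findings.append(f"gateway {gw} is outside subnet {iface.network}")
    if fw not in iface.network:
        findings.append(f"firewall LAN IP {fw} is outside subnet {iface.network}")
    return "routing", findings


if __name__ == "__main__":
    # Firewall LAN IP below is a constructed value for the sample.
    print(diagnose(SAMPLE_IPCONFIG, "192.168.168.168", False, False))
```

An empty findings list with a "routing" result means the workstation's addressing is consistent and the fault lies beyond it, for example in the firewall's own routing or rules.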