Multiple HTTPS sites behind Sonicwall on IIS 7.5

I have 2 servers that are in need of HTTPS (both have valid SSL certs), both running Windows Server 2008 R2 64 bit, one with Exchange 2010 and the other with various IIS / internet related apps, roles and features installed.

They are both behind a Sonicwall TZ190. The Exchange one needs HTTPS for OWA and ActiveSync, the other needs it for authenticating the fairly complex intranet site against AD.

I can't assign them both HTTPS traffic in Sonicwall CP because that breaks both. I don't know if this is a Sonicwall fix or an IIS one, either way they need to both work.

What should I do?
Bob Stone, IT Guru, Asked:

By assigning HTTPS traffic, I am assuming you are opening up port 443 to the internal IP address(es)?
Bob Stone, IT Guru, Author Commented:
Yes, port 443 is open on Sonicwall already, you just have to assign it to an internal IP. It doesn't like it when you assign it to more than one.
I am not familiar with Sonicwall. With Cisco, I create an incoming rule for each IP and what services it needs.
Kevin Cross, Chief Technology Officer, Commented:
For now, let's consider IIS side working as you have two different servers that hopefully work internally to serve up HTTPS. Although, if the answers to some of my SonicWall/ISP questions below cause an issue, then an IIS fix would be to configure an alternative SSL port. For example, a traditional one is 8443.

Okay. As indicated, SonicWall does support assigning different NATs -- though, mine is a TZ 170 Enhanced, so double check TZ 190. For me it shows up under Network tab as Address Objects and NAT Policies and under Firewall is the Services where you define the ports you want open for a specific service/address object.

How many public IP addresses do you have?

When you say enable SSL, is that on SonicWall's main IP address, i.e., port forwarding? I know my SonicWall uses SSL on the WAN side to access the management page; therefore, if you are using port forwarding off the single IP address belonging to the SW router itself that may cause trouble.

Will stop at that until we see where you are.
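
One way to add the alternative SSL port mentioned above on IIS 7.5, as an added example that is not from any participant in this thread. It uses the WebAdministration module; the site name, the binding to all addresses and the certificate thumbprint placeholder are assumptions.

```powershell
# Added example: site name, port and thumbprint are assumptions/placeholders.
Import-Module WebAdministration

function Add-AltHttpsBinding {
    param(
        [string]$SiteName   = 'Default Web Site',   # assumed site name
        [int]   $Port       = 8443,                 # alternative SSL port suggested in the thread
        [string]$Thumbprint = '<CERT_THUMBPRINT>'   # placeholder: thumbprint of the server's certificate
    )

    # The certificate must be in the machine store, carry a private key and be in date.
    $cert = Get-Item "cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey)      { throw "Certificate $Thumbprint has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # Add the site binding only if it does not already exist.
    if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port $Port)) {
        New-WebBinding -Name $SiteName -Protocol https -Port $Port -IPAddress '*'
    }

    # Attach the certificate to the listener for that port.
    # An existing SSL binding on the port is left alone rather than overwritten.
    $sslPath = "IIS:\SslBindings\0.0.0.0!$Port"
    if (Test-Path $sslPath) {
        Write-Warning "An SSL binding already exists on port $Port; not replacing it."
    } else {
        $cert | New-Item $sslPath | Out-Null
    }

    # Return the site's HTTPS bindings so the result can be reviewed.
    Get-WebBinding -Name $SiteName -Protocol https
}

# Replace the placeholder thumbprint before running.
Add-AltHttpsBinding -SiteName 'Default Web Site' -Port 8443 -Thumbprint '<CERT_THUMBPRINT>'
```

The firewall then needs a matching service and NAT policy for the chosen port, and clients must include the port in the URL.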
Bob Stone, IT Guru, Author Commented:
I am not sure how to change the port on SSL.

I know the basics of hooking up stuff on Sonicwall, it also has some complicated stuff on it for a VPN and a VoIP phone system that a 3rd set up a while back that I need to be careful not to break.

I have 2 public IPs available through 2 different ISPs.

It only seems to have one port 443 for both public IPs. I dunno how to change / fix that.
Kevin Cross, Chief Technology Officer, Commented:
Do you see the tabs down the left I do, i.e., Network and Firewall? Or do you see somewhere to specify ports to forward? You can usually add one and point it where you want.
Bob Stone, IT Guru, Author Commented:
I see the menu, but there are tons of entries already and I am not sure how to add what I need to or where.
Yes, you can do this. First need to know if on your LAN, do each of these servers now have a different IP address? If not, is the OWA access like or something similar.

Or if different, please advise.

Bob Stone, IT Guru, Author Commented:
Yes they have unique IP.
I am assuming you have SonicOS Enhanced. You will need to choose a second (WAN) public IP address to use for one of the two servers. So let's say you want to put OWA on a new WAN address.

The easiest way to do this is to use the Wizards, and select the "Public Server Wizard". It will come up with Web Server. Unselect HTTP if you don't want that and click NEXT. Complete the Server Private Network Configuration and click NEXT. For the Public Information give it a new IP address on your WAN subnet and click NEXT.

Review the next screen and perhaps print it as a reference. This is what the Sonicwall is about to do.

Click next and you should be done.

Kevin Cross, Chief Technology Officer, Commented:
Yes, I agree. I usually do these manually, but the public server wizard does work nicely.
Bob Stone, IT Guru, Author Commented:
Worked great. Thanks