• Status: Solved

Multiple HTTPS sites behind Sonicwall on IIS 7.5

I have 2 servers that are in need of HTTPS (both have valid SSL certs), both running Windows Server 2008 R2 64 bit, one with Exchange 2010 and the other with various IIS / internet related apps, roles and features installed.

They are both behind a Sonicwall TZ190. The Exchange one needs HTTPS for OWA and ActiveSync, the other needs it for authenticating the fairly complex intranet site against AD.

I can't assign them both HTTPS traffic in Sonicwall CP because that breaks both. I don't know if this is a Sonicwall fix or an IIS one; either way, they both need to work.

What should I do?
0
Asked by: Bob Stone
 
Getsum_Bloodlust Commented:
By assigning HTTPS traffic, I am assuming you are opening up port 443 to the internal IP address(es)?
0
 
Bob Stone (IT Guru, Author) Commented:
Yes, port 443 is open on Sonicwall already, you just have to assign it to an internal IP. It doesn't like it when you assign it to more than one.
0
 
Getsum_Bloodlust Commented:
I am not familiar with Sonicwall. With Cisco, I create an incoming rule for each IP and what services it needs.
0
 
Kevin Cross (Chief Technology Officer) Commented:
For now, let's consider the IIS side working, as you have two different servers that hopefully work internally to serve up HTTPS. Although, if the answers to some of my SonicWall/ISP questions below cause an issue, then an IIS fix would be to configure an alternative SSL port. For example, a traditional one is 8443.

Okay. As indicated, SonicWall does support assigning different NATs -- though, mine is a TZ 170 Enhanced, so double check TZ 190. For me it shows up under Network tab as Address Objects and NAT Policies and under Firewall is the Services where you define the ports you want open for a specific service/address object.

How many public IP addresses do you have?

When you say enable SSL, is that on SonicWall's main IP address, i.e., port forwarding? I know my SonicWall uses SSL on the WAN side to access the management page; therefore, if you are using port forwarding off the single IP address belonging to the SW router itself that may cause trouble.

Will stop at that until we see where you are.
0
 
Bob Stone (IT Guru, Author) Commented:
I am not sure how to change the port on SSL.

I know the basics of hooking up stuff on Sonicwall. It also has some complicated stuff on it for a VPN and a VoIP phone system that a 3rd party set up a while back that I need to be careful not to break.

I have 2 public IPs available through 2 different ISPs.

It only seems to have one port 443 for both public IPs. I dunno how to change / fix that.
0
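Changing the SSL port on the IIS side, the alternative Kevin Cross raised above, can be done on IIS 7.5 with the WebAdministration module. This is an added example, not part of the original thread; the site name, the certificate thumbprint placeholder and the firewall rule name are assumptions to replace with your own values.

```powershell
# Added example; run in an elevated PowerShell session on the IIS 7.5 server.
Import-Module WebAdministration

$siteName   = 'Default Web Site'     # assumption: name of the intranet site in IIS
$thumbprint = '<CERT-THUMBPRINT>'    # placeholder: thumbprint of the cert already in LocalMachine\My
$port       = 8443                   # alternative SSL port suggested in the thread

# Stop here if the certificate is not in the machine store.
$cert = Get-Item "cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop

# 1. Add an HTTPS binding on the alternative port (all addresses, no host header).
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port)) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
}

# 2. Attach the certificate to 0.0.0.0:<port> in HTTP.sys.
if (-not (Test-Path "IIS:\SslBindings\0.0.0.0!$port")) {
    $cert | New-Item "IIS:\SslBindings\0.0.0.0!$port" | Out-Null
}

# 3. Allow the port through Windows Firewall on the server itself.
netsh advfirewall firewall add rule name=IIS-HTTPS-$port dir=in action=allow protocol=TCP localport=$port

# 4. Show the certificate HTTP.sys will present on that port.
netsh http show sslcert "ipport=0.0.0.0:$port"
```

The firewall then forwards TCP 8443 to this server instead of 443, and clients have to include the port in the URL (https://host:8443/).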
 
Kevin Cross (Chief Technology Officer) Commented:
Do you see the tabs down the left I do, i.e., Network and Firewall? Or do you see somewhere to specify ports to forward? You can usually add one and point it where you want.
0
 
Bob Stone (IT Guru, Author) Commented:
I see the menu, but there are tons of entries already and I am not sure how to add what I need to or where.
0
 
carlmd Commented:
Yes, you can do this. First I need to know: on your LAN, does each of these servers now have a different IP address? If not, is the OWA access like https://www.mydomain.com/owa or something similar?

Or if different, please advise.

0
 
Bob Stone (IT Guru, Author) Commented:
Yes they have unique IP.
0
 
carlmd Commented:
I am assuming you have SonicOS Enhanced. You will need to choose a second (WAN) public IP address to use for one of the two servers. So let's say you want to put OWA on a new WAN address.

The easiest way to do this is to use the Wizards, and select the "Public Server Wizard". It will come up with Web Server. Unselect http if you don't want that and click NEXT. Complete the Server Private Network Configuration and click NEXT. For the Public Information, give it a new IP address on your WAN subnet and click NEXT.

Review the next screen and perhaps print it as a reference. This is what the Sonicwall is about to do.

Click next and you should be done.
0
 
Kevin Cross (Chief Technology Officer) Commented:
Yes, I agree. I usually do these manually, but the public server wizard does work nicely.
0
 
Bob Stone (IT Guru, Author) Commented:
Worked great. Thanks
0
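A check for after the NAT policies are in place, as an added example that is not part of the original thread: it connects to port 443 on each public IP and reports which certificate answers, which shows whether the request reached the intended server or something else on the WAN side, such as the SonicWall management page Kevin Cross mentions. The addresses and host names are constructed placeholders.

```powershell
# Added example; run from a machine outside the firewall.
# Constructed sample values: replace with your two public IPs and certificate names.
$targets = @(
    @{ Address = '203.0.113.10';  Name = 'mail.example.com'     },  # OWA / ActiveSync
    @{ Address = '198.51.100.10'; Name = 'intranet.example.com' }   # intranet site
)

function Get-RemoteCertificate {
    param([string]$Address, [string]$ServerName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Address, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($ServerName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }
}

foreach ($t in $targets) {
    try {
        $cert = Get-RemoteCertificate -Address $t.Address -ServerName $t.Name
        $cn   = $cert.GetNameInfo('SimpleName', $false)
        New-Object PSObject -Property @{
            Address    = $t.Address
            Expected   = $t.Name
            SubjectCN  = $cn
            # Plain CN comparison only: wildcard or SAN-only certs show False and need a manual look.
            CNMatches  = ($cn -eq $t.Name)
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
    catch {
        Write-Warning ("{0}:443 did not complete a TLS handshake: {1}" -f $t.Address, $_.Exception.Message)
    }
}
```

A self-signed or unexpected issuer on one of the addresses means port 443 on that IP is being answered by a different device or site than the one the NAT policy was meant to reach.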
