Bob Stone

Multiple HTTPS sites behind Sonicwall on IIS 7.5

I have 2 servers that are in need of HTTPS (both have valid SSL certs), both running Windows Server 2008 R2 64 bit, one with Exchange 2010 and the other with various IIS / internet related apps, roles and features installed.

They are both behind a Sonicwall TZ190. The Exchange one needs HTTPS for OWA and ActiveSync, the other needs it for authenticating the fairly complex intranet site against AD.

I can't assign them both HTTPS traffic in Sonicwall CP because that breaks both. I don't know if this is a Sonicwall fix or an IIS one, either way they need to both work.

What should I do?
Getsum_Bloodlust

By assigning HTTPS traffic, I am assuming you are opening up port 443 to the internal IP address(es)?
ASKER

Yes, port 443 is open on Sonicwall already, you just have to assign it to an internal IP. It doesn't like it when you assign it to more than one.
I am not familiar with SonicWall. With Cisco, I create an incoming rule for each IP and what services it needs.
For now, let's consider IIS side working as you have two different servers that hopefully work internally to serve up HTTPS. Although, if the answers to some of my SonicWall/ISP questions below cause an issue, then an IIS fix would be to configure an alternative SSL port. For example, a traditional one is 8443.

Okay. As indicated, SonicWall does support assigning different NATs -- though, mine is a TZ 170 Enhanced, so double check TZ 190. For me it shows up under Network tab as Address Objects and NAT Policies and under Firewall is the Services where you define the ports you want open for a specific service/address object.

How many public IP addresses do you have?

When you say enable SSL, is that on SonicWall's main IP address, i.e., port forwarding? I know my SonicWall uses SSL on the WAN side to access the management page; therefore, if you are using port forwarding off the single IP address belonging to the SW router itself that may cause trouble.

Will stop at that until we see where you are.
I am not sure how to change the port on SSL.

I know the basics of hooking up stuff on Sonicwall. It also has some complicated stuff on it for a VPN and a VoIP phone system that a 3rd party set up a while back that I need to be careful not to break.

I have 2 public IPs available through 2 different ISPs.

It only seems to have one port 443 for both public IPs. I dunno how to change / fix that.
Do you see the tabs down the left that I do, i.e., Network and Firewall? Or do you see somewhere to specify ports to forward? You can usually add one and point it where you want.
I see the menu, but there are tons of entries already and I am not sure how to add what I need to or where.
Yes, you can do this. First I need to know: on your LAN, does each of these servers now have a different IP address? If not, is the OWA access like https://www.mydomain.com/owa or something similar?

Or if different, please advise.

Yes they have unique IP.
ASKER CERTIFIED SOLUTION
Carl Dula
This solution is only available to members.
Yes, I agree. I usually do these manually, but the public server wizard does work nicely.
Worked great. Thanks
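
The alternative-port fix suggested earlier in the thread (serving HTTPS on 8443 from IIS when only one server can own 443 on a public IP) could look like the following on IIS 7.5. This is an added example, not code from any poster; the site name and the thumbprint placeholder are assumptions, and it is applied to the intranet server on the assumption that the Exchange server keeps 443.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the IIS 7.5 server.
Import-Module WebAdministration

$siteName   = 'Default Web Site'     # assumption: name of the intranet site in IIS
$port       = 8443                   # alternative HTTPS port mentioned in the thread
$thumbprint = '<CERT-THUMBPRINT>'    # placeholder: thumbprint of the SSL cert already installed

# Stop here if the certificate is not in the local machine store.
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop

# 1. Add an HTTPS binding on the new port; any existing 443 binding is left untouched.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port)) {
    New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
}

# 2. Attach the certificate to that IP:port in HTTP.sys, unless one is already bound there.
$sslPath = "IIS:\SslBindings\0.0.0.0!$port"
if (-not (Test-Path $sslPath)) {
    $cert | New-Item $sslPath | Out-Null
}

# 3. Open the port in Windows Firewall on the server itself.
netsh advfirewall firewall add rule name="IIS HTTPS $port" dir=in action=allow protocol=TCP localport=$port

# 4. Verify: the site should list the new binding and HTTP.sys should show the cert hash.
Get-WebBinding -Name $siteName -Protocol https
netsh http show sslcert "ipport=0.0.0.0:$port"
```

The firewall in front still needs TCP 8443 forwarded to this server's internal IP, and users then reach the site with the port in the URL (https://host:8443/).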