mickantone

How do I browse to a site by name?

I have added a WatchGuard firewall to my network.  I am now using the trusted network for our SBS2011 production work (192.168.50.xx).  I have an existing SBS2003 server that I need to access and have it connected to the OPTIONAL network (192.168.1.xx).  When these were on two separate routers, I could browse to the SBS2003 by using the DNS name (REMOTE.MYDOMAIN.COM).  Any user not connected to the WG can continue to access the SBS2003 server using the REMOTE.MYDOMAIN.COM URL. However, users on the TRUSTED network can no longer resolve this name.  However, I can browse to this server by using the SBS2003 IP address (192.168.1.1).  

What changes do I need to make to browse to this server by name rather than by IP address? I think a DNS entry should do the trick, but adding MYDOMAIN.COM as a new zone will impact the ability to have continued access to WWW.MYDOMAIN.COM (which is hosted elsewhere). An entry in the HOSTS file on each computer on the TRUSTED network may do the trick, but that seems to defeat the "central management" capabilities of the server. Suggestions?
raysonlee

Add the domain (MYDOMAIN.COM) in your DNS pointing to 192.168.1.1
Add another entry for WWW.MYDOMAIN.COM to the external hosted IP
What does REMOTE.MYDOMAIN.COM resolve to, a public or private address? If you ping REMOTE.MYDOMAIN.COM on the trusted side, what IP address does it resolve to? You may have to set up DNS rewriting or DNS doctoring.
mickantone

ASKER

When I ping REMOTE.MYDOMAIN.COM (on the OPTIONAL network) from an EXTERNAL location, it resolves to the correct external address (aaa.bbb.ccc.139) and replies to the ping. When I ping from the TRUSTED network on the WG, it resolves to the correct external address (aaa.bbb.ccc.139), but the "Destination host unreachable" response is returned from the TRUSTED network's external address (aaa.bbb.ccc.138).  However, I can ping and browse to the 192.168.1.1 address successfully.....and it is very quick in responding.
That means your firewall has blocked traffic between the external network and the TRUSTED network, rather than it being a DNS issue. Check the access control roles in the firewall.
ASKER CERTIFIED SOLUTION
mlchelp
This solution is only available to members.
Can you try adding a DNS entry in your SBS2011 server for REMOTE.MYDOMAIN.COM pointing to 192.168.1.1? That shouldn't affect other traffic going to your externally hosted WWW.MYDOMAIN.COM.
By the way, even if you can ping the SBS2003 server by name, you might still have problems accessing other Microsoft applications. Microsoft imposed many restrictions on SBS.
Refer to Design and Licensing Consideration here: http://en.wikipedia.org/wiki/Windows_Small_Business_Server
Worked with WatchGuard tech support this afternoon.  There may have been multiple issues.  WG Tech was baffled because we could actually ping by name, internal IP, and External IP to the SBS03 server on the OPTIONAL network.....but could not browse to SharePoint on SBS03 server from TRUSTED network.  Anything from the EXTERNAL network worked perfectly. In the end, he suggested that we create a "loopback" configuration for the HTTP and HTTPS policies.  The loopback consisted of defining all three sources (TRUSTED, OPTIONAL, EXTERNAL) to the destination STATIC NAT.  I did try this with only the TRUSTED and EXTERNAL, but I returned to the "ping by name but cannot browse by name" state.  Apparently, all three sources need to be specified to make this operational.

The purpose of this configuration was to allow continued operation of our SBS03 SharePoint application while we replaced all the other functions with SBS11.  SharePoint will eventually be upgraded and placed in the cloud, but we can at least use it in the two standalone networks for now.

Thank you both for your help and insight.
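
The thread mixes two separate questions: which address the name resolves to from the TRUSTED side, and whether HTTP/HTTPS (as opposed to ping) is actually allowed through. As an added example that is not part of the original thread, this Python sketch separates the two; the 203.0.113.139 sample address, the function names and the verdict wording are assumptions made for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges, checked explicitly because ipaddress.is_private also
# treats documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if the resolved address is an RFC 1918 (internal) address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def tcp_open(addr, port, timeout=3.0):
    """True if a TCP handshake completes; a ping reply proves nothing here."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(addr, web_ok):
    """Map (resolved address, HTTP/HTTPS reachable) to the likely cause."""
    if is_internal(addr):
        return ("ok: internal DNS record in use" if web_ok else
                "policy: allow HTTP/HTTPS from Trusted to the server's network")
    return ("ok: NAT loopback in use" if web_ok else
            "loopback: add this source to the HTTP/HTTPS static NAT policy, "
            "or publish an internal DNS record for the name")

def probe(name, ports=(80, 443)):
    """Live check from a client: resolve the name, then try each web port."""
    addr = socket.gethostbyname(name)
    web_ok = all(tcp_open(addr, p) for p in ports)
    return addr, diagnose(addr, web_ok)

if __name__ == "__main__":
    # Constructed sample states mirroring the thread (addresses are samples).
    for addr, web_ok in [("203.0.113.139", False), ("192.168.1.1", True)]:
        print(addr, "->", diagnose(addr, web_ok))
```

Run `probe()` with the real host name from a client on each network segment; the same name can give a different verdict per segment, which is the "ping by name but cannot browse by name" state described above.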