  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 294

How do I browse to a site by name?

I have added a WatchGuard firewall to my network.  I am now using the trusted network for our SBS2011 production work (192.168.50.xx).  I have an existing SBS2003 server that I need to access and have it connected to the OPTIONAL network (192.168.1.xx).  When these were on two separate routers, I could browse to the SBS2003 by using the DNS name (REMOTE.MYDOMAIN.COM).  Any user not connected to the WG can continue to access the SBS2003 server using the REMOTE.MYDOMAIN.COM URL. However, users on the TRUSTED network can no longer resolve this name.  However, I can browse to this server by using the SBS2003 IP address (192.168.1.1).  

What changes do I need to make to browse to this server by name rather than by IP address? I think a DNS entry should do the trick, but adding MYDOMAIN.COM as a new zone will impact the ability to have continued access to WWW.MYDOMAIN.COM (which is hosted elsewhere). An entry in the HOSTS file on each computer on the TRUSTED network may do the trick, but that seems to defeat the "central management" capabilities of the server. Suggestions?
0
mickantone
Asked:
1 Solution
 
raysonlee Commented:
Add the domain (MYDOMAIN.COM) in your DNS pointing to 192.168.1.1
Add another entry for WWW.MYDOMAIN.COM to the external hosted IP
0
 
mlchelp Commented:
What does REMOTE.MYDOMAIN.COM resolve to, a public or a private address? If you ping REMOTE.MYDOMAIN.COM on the trusted side, what IP address does it resolve to? You may have to set up DNS rewriting or DNS doctoring.
0
 
mickantone (Author) Commented:
When I ping REMOTE.MYDOMAIN.COM (on the OPTIONAL network) from an EXTERNAL location, it resolves to the correct external address (aaa.bbb.ccc.139) and replies to the ping. When I ping from the TRUSTED network on the WG, it resolves to the correct external address (aaa.bbb.ccc.139), but the "Destination host unreachable" response is returned from the TRUSTED network's external address (aaa.bbb.ccc.138).  However, I can ping and browse to the 192.168.1.1 address successfully... and it is very quick in responding.
0
 
raysonlee Commented:
That means your firewall has blocked traffic between the external network and the TRUSTED network, rather than this being a DNS issue. Check the access control roles in the firewall.
0
 
mlchelp Commented:
What is happening is that your firewall is most likely trying to route that outside and then it tries to come back in again, and that's where the problem is. It's called hairpinning. A way around this is to set up DNS doctoring, so that when you request the address from DNS, it sees the public address returned, then intercepts it and sends you the private one. I'm not sure what you're using for DNS or what your edge router is, but this can be set up on Cisco stuff with an inspection command.
0
 
raysonlee Commented:
Can you try adding a DNS entry in your SBS2011 server for REMOTE.MYDOMAIN.COM pointing to 192.168.1.1? That shouldn't affect other traffic going to your externally hosted WWW.MYDOMAIN.COM.
By the way, even if you can ping the SBS2003 server by name, you might still have problems accessing other Microsoft applications. Microsoft imposed many restrictions on SBS.
Refer to Design and Licensing Consideration here http://en.wikipedia.org/wiki/Windows_Small_Business_Server
0
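Added example (not part of the original thread or of any poster's reply): a small Python model of the DNS side of this discussion. It shows why hosting a full MYDOMAIN.COM zone internally hides WWW.MYDOMAIN.COM unless that record is added too, and why a zone named only REMOTE.MYDOMAIN.COM does not. The public addresses are constructed placeholders, and `resolve()`, `compare()` and the configuration labels are hypothetical names.

```python
# Toy model of how an internal DNS server (such as the SBS2011 box) chooses
# between the zones it hosts and its forwarders. Illustration only.

PUBLIC_DNS = {  # what external DNS answers; constructed placeholder addresses
    "remote.mydomain.com": "203.0.113.139",
    "www.mydomain.com": "198.51.100.10",
}
SBS2003_INTERNAL = "192.168.1.1"  # internal address given in the thread


def resolve(name, local_zones):
    """Return (answer, source) as the internal server would give a client.

    local_zones maps zone name -> {fqdn: address}. The server is authoritative
    for every zone it hosts: a name inside a hosted zone is answered from that
    zone only and is never passed to the forwarder.
    """
    name = name.lower().rstrip(".")
    # Longest-suffix match selects the most specific hosted zone.
    matches = [z for z in local_zones if name == z or name.endswith("." + z)]
    if matches:
        zone = max(matches, key=len)
        return (local_zones[zone].get(name, "NXDOMAIN"), "local zone " + zone)
    return (PUBLIC_DNS.get(name, "NXDOMAIN"), "forwarder")


CONFIGS = {
    "no local zone": {},
    "full zone, remote only": {
        "mydomain.com": {"remote.mydomain.com": SBS2003_INTERNAL}},
    "full zone, remote + www": {
        "mydomain.com": {"remote.mydomain.com": SBS2003_INTERNAL,
                         "www.mydomain.com": PUBLIC_DNS["www.mydomain.com"]}},
    # A zone named after the single host, with one A record at its apex.
    "zone named remote.mydomain.com": {
        "remote.mydomain.com": {"remote.mydomain.com": SBS2003_INTERNAL}},
}


def compare():
    """Resolve both names under every configuration and return the answers."""
    return {label: {n: resolve(n, zones)[0] for n in PUBLIC_DNS}
            for label, zones in CONFIGS.items()}


if __name__ == "__main__":
    for label, answers in compare().items():
        print(f"{label:32} {answers}")
```

With the full zone, every externally hosted name under MYDOMAIN.COM has to be maintained by hand on the internal server; the single-host zone overrides only REMOTE.MYDOMAIN.COM and leaves everything else to the forwarder.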
 
mickantone (Author) Commented:
Worked with Watchguard tech support this afternoon.  There may have been multiple issues.  WG Tech was baffled because we could actually ping by name, internal IP, and External IP to the SBS03 server on the OPTIONAL network... but could not browse to Sharepoint on SBS03 server from TRUSTED network.  Anything from the EXTERNAL network worked perfectly. In the end, he suggested that we create a "loopback" configuration for the HTTP and HTTPS policies.  The loopback consisted of defining all three sources (TRUSTED, OPTIONAL, EXTERNAL) to the destination STATIC NAT.  I did try this with only the TRUSTED and EXTERNAL, but I returned to the "ping by name but cannot browse by name" state.  Apparently, all three sources need to be specified to make this operational.

The purpose of this configuration was to allow continued operation of our SBS03 Sharepoint application while we replaced all the other functions with SBS11.  Sharepoint will eventually be upgraded and placed in the cloud, but we can at least use it in the two standalone networks for now.

Thank you both for your help and insight.
0
