Learn how to a build a cloud-first strategyRegister Now


WAN to LAN rule not worked behind firewall on Sonicwall NSA 240

Posted on 2012-09-11
Medium Priority
Last Modified: 2013-02-14
Hi All Experts,

I am trying to port forward a custom port on my sonic wall NSA 240 to a system behind my firewall. I need to have http forwarded to this system. rule is working fine from outside, but when I tried to browse this rule behind firewall it fails.


I configured rules on firewall as below

XX.XX.XX.XX:80 ------>AA.AA.AA.AA:8080
so I can access it by following url from outside without any issue
but I awant to access same thing behind firewall but it's not worked


any guidance here would be appreciated.
Question by:Nilesh Havire
  • 4
  • 3
LVL 20

Expert Comment

ID: 38386551
You cannot access a WAN ip address that is on your LAN, from the LAN.

If you want to access that same web server either use the internal (LAN) ip address, or set up (or if you already have one)  a local dns server that returns the lan address for the URL.

Author Comment

by:Nilesh Havire
ID: 38386626
exactly I can access it by LAN IP  but I have configure some ProxyPass rule on My server thats why I need it

<VirtualHost *>
SuexecUserGroup "#1000" "#1000"
ServerName Apps_Name.com
ServerAlias www.Apps_Name.com
DocumentRoot /var/www/Apps_Name/
ErrorLog /var/log/httpd/taaray/error_log
CustomLog /var/log/httpd/Apps_Name/access_log "combined"
ScriptAlias /cgi-bin/ /var/www/Apps_Name/cgi-bin/
DirectoryIndex index.html index.htm index.php
<Directory /var/www/Apps_Name>
    FileETag MTime Size
    AllowOverride All
ProxyPass /Apps_Name/ http://XX.XX.XX.XX/Apps_Name

I am unable to configure Proxypass rule as per below because Apache not taking port no.

is there any other way to resolve this issue,
it was working fine on Cyberoam firewall
LVL 20

Expert Comment

ID: 38386676
Is AA.AA.AA.AA the "real" ip address of the web server?

Are you on a flat lan, no vlans etc?

If AA.AA.AA.AA is the real ip address of the web server, can you ping that address, and if so can you traceroute to it.

If you acutally put http://AA.AA.AA.AA:8080/Apps_Name in the URL, does it work.

If I understand what you are trying to do, you just want to type the http://AA.AA.AA.AA in the url, and not the :8080. Correct?
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.


Author Comment

by:Nilesh Havire
ID: 38386936

I configured rules on firewall as below

XX.XX.XX.XX:80 ------>AA.AA.AA.AA:8080

so I can access my tomcat without 8080 from outside , I have configured ProxyPass on apche for my web application, and  i have configured direct WAN IP in ProxyPass it was working fine when I used Cyberoam UTM because I was able to resolve my DNS behind firewall but on new  Firewall  (Sonicwell ), I am unable to resolve my DNS B/H Firewall thats why I am trying to configure LAN IP with port in Apache but it's fail  if I used any other backend server without port then it's working fine

I hope you understand my issue
LVL 20

Expert Comment

ID: 38387072
Take a look at:


I think if you do this and use http://AA.AA.AA.AA/Apps_Name it should work.

You will not be able to accomplish what you want with the Sonciwall.

Accepted Solution

Nilesh Havire earned 0 total points
ID: 38387698
I have fixed this issue through HA proxy

I have configured HA Proxy on 80 Port &  gave Tomcat as Backend server then apply following rule in Apache

ProxyPass /Apps_Name/ http://HA_Proxy_IP/Apps_Name

Thanks for help

Author Closing Comment

by:Nilesh Havire
ID: 38888362
i have got solution from vendor

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question