Shab

How can I access a web server with dynamic IP on sonicwall NSA

How can I access a web server with dynamic IP on sonicwall NSA?

Scenario:

Web server: 10.10.10.1 (LAN)

Sonicwall: No-Ip configured on WAN - it's getting updated with WAN IP

No-IP site: I have created a HOST with CNAME on No-IP called webserver.mydomain.com

What next? Please help!

S Z

You will need some NAT and firewall rules.
But to make it easier, SonicWALL added a wizard on the web interface (top right).
Within the wizard you can choose the "public server wizard".
This should do it.
Shab

ASKER

I have done this with static IP but for the dynamic there is no option!

Does anyone have an idea how to bring a Dynamic IP masked domain as a public IP?
S Z

As I understood, you already did what you asked for:
you configured No-IP on SonicWALL and created a CNAME on No-IP.

That means that you already made your SonicWALL available to the public under webserver.mydomain.com

Now you only need to forward all traffic (is it HTTP or HTTPS?) to your server on LAN.

You need to create a new firewall rule from WAN to LAN, allowing HTTP and HTTPS traffic to your server (source any; destination your server - you might need to create a new address object to do that; service HTTP; create a second rule for HTTPS).
Shab

ASKER

Yes, here comes the issue!!!

I have done the rule on the firewall - all good! But I am not able to do the NAT on SonicWALL!

I can create an address object with FQDN: webserver.mydomain.com
but in the NAT section drop-down the FQDN address object is not showing?

Is this possible with sonicwall? using dynamic ip as a public ip for the web server?
N-W

Attached are the required NAT and firewall rules you'll need. They assume the traffic is going from the WAN zone (X1 interface) to DMZ zone (X2 interface), you'll need to modify them as required.

If you use the address object "X1 IP" or "WAN INTERFACE IP" for the rules, it should automatically populate when your WAN interface receives the IP address.
SonicWALL-Dynamic-IP.txt
S Z

Yes, it is definitely possible.

Your address object needs to reflect the internal IP of your server, not the public FQDN. Forget about the public FQDN on SonicWALL; you do not need it there except in the dynamic DNS settings.
Blue Street Tech
wshty is right.

If you want to have your company domain be the main point to access the server all you have to do is add a CNAME in your External DNS server such as host: @ or www entry: webserver.mydomain.com. This will route all web traffic @ your root or www.domain.com to your web server.
Shab

ASKER

Guys, you may be confused with my question!

I have two WAN IP

X1 - static IP and working well no issues I can reach web server via X0!

X2 - Dynamic IP from the ISP so installed No-IP and trying to reach web server but no luck!
Here comes I need your help
Gotcha!

Provided you have already set the following up, proceed to the next paragraph below.

Set up DDNS.
Set up PortShield Groups to allow for 2nd WAN & assign it its own Zone.
Set up an Address Object for the DDNS FQDN.

Create a NAT policy to direct any traffic going to the WAN2 IP(s) to go to the Web Server. Here's how: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=4535
P.S. The Public Server Wizard will do all of this for you.

Let me know how it goes.
N-W

I've updated my original attachment. These firewall/NAT rules should work for exactly what you need (i.e. static WAN IP on X1 and dynamic WAN IP on X2).

I highly recommend not using the Public Server Wizard in this case, it will only mess things up for you.
Shab

ASKER

@N-W, thanks for your assistance!

Could you please make sure your NAT rules are correct! Inbound x2 Outbound x1 ?
N-W

Apologies, it seems I didn't upload the updated attachment in my past post.

Here it is now.
SonicWALL-Dynamic-IP-Updated.txt
@N-W - The Public Server Wizard is a SonicWALL recommended Best Practice...how do you figure that he shouldn't run it? If anything it's a complete approach to getting this up & running quickly. Multiple web servers, multiple WANs...doesn't affect the Wizard either!
Any update on this?
Hi petertwliu,

How's it going? Let me know how I can help. Thanks.
Shab

ASKER

@Diverseit

Sorry for the delay! I tried but not successful!
Some questions:
What's the model # of the NSA (e.g. NSA 220, NSA 3600)?
What SonicOS firmware version are you running?
How do you have the dual WANs configured (e.g. Load balanced, independent, etc.)?
When you say,
X2 - Dynamic IP from the ISP so installed No-IP and trying to reach web server but no luck!
Here comes I need your help
1. When you say above "...installed No-IP..." what do you mean by that? You shouldn't install anything from them...no agent - nothing. You need to configure it within the SonicWALL under Network > DDNS. Have you done that?

2. When you say above "...trying to reach web server but no luck!" Are you trying to access the Web Server from its Public IP or Private IP? Which can you gain access to? If you can access from the Private IP but can't on the Public IP you need a Loopback policy in order to do so. After clicking on Add... under Network > NAT Policies configure the policy as follows:
Original Source: Firewalled Subnets
Translated Source: WAN Secondary IP or X2
Original Destination: WAN Secondary IP or X2
Translated Destination: Web Server Private IP
Original Service: HTTP
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: Loopback policy
Enable NAT Policy: Checked
Create a reflexive policy: unchecked

Please answer these so I can get this up & running for you!
Did you try my last post?
Shab

ASKER

I have two WAN IP

X1 - static IP and working well no issues I can reach web server!

X2 - Dynamic IP from the ISP so configured DDNS (No-IP) and trying to reach web server but no luck!

on the second scenario which is via X2 - I am trying to access it from the DDNS domain name not from the public IP since I don't have a static IP!!!
For a web server you should really buy another Static IP.

Can you access the web server via the DDNS current IP address?

Have you assigned the DDNS to the correct Interface?
Shab

ASKER

Sorry mate, I don't get you now?

I clearly said on my question that I am looking to access web server with DDNS domain name as I don't have static IP on the second scenario which is X2!

My question now is what is the use of DDNS then?


Can you access the web server via the DDNS current IP address?
NO

Have you assigned the DDNS to the correct Interface?
YES
When I say,
For a web server you should really buy another Static IP.
I am giving you the best advice possible as a side note - not to defer from your issue - but rather to provide advice. You should purchase a static IP for a number of reasons including security, SEO and reliability.

I understand your rhetorical question of what is the point of DDNS, but you must understand it has drawbacks and is not the same as having a static IP. Here are some drawbacks using DDNS vs Static IP:
Degraded Performance - ISP blocks in dynamic pools are typically blacklisted due to the high probability that the previous users could have abused or misused the IPs through SPAM or other illegal means and then you get issued that IP and have to mitigate the repercussions (blacklists, etc.) of others.
Not Reliable - you must rely on a third-party service (No-IP), which increases liability. You must rely on the firewall's manufacturer to create bug-free releases too. Some examples of this are when No-IP suffered a major downage 14 months ago for two days. Another was the SonicWALL SonicOS DDNS SSL bug three versions ago - it plain didn't work until they created a new release!
Security Risks - DDNS is susceptible to DNS Attacks.
Degraded SEO - one of the fundamental rules in good SEO is to have the same IP address for better search results.
But back to the issue at hand.

Are you trying to gain access to the web server from inside or outside the network?
Make sense?
Are you trying to gain access to the web server from inside or outside the network?
Shab

ASKER

I've requested that this question be deleted for the following reason:

I will re open this case so some other expert can answer my question!
I am not getting what I want from the attending experts! We are just wasting both of our time!
I'm not sure if you are aware of this but we can make a call for more experts if you like so that you can continue the thread with new experts? Just respond either way and let me know. Thanks.
ASKER CERTIFIED SOLUTION
Blue Street Tech