• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 12328
  • Last Modified:

Sonicwall - Remote Managment via Internet on WAN port

Hello All,

Having a bit of a trouble setting up remote management via internet to one of my Sonicwall TZ100.  

Here is my setup :

-Sonicwall connected directly to the Verizon Optical Terminal
-WAN Port is DHCP assigned an exteral IP address 1.2.3.4
-WAN Port has Management/UserLogin as HTTPS.

*I can login via internal IP through Port X1 LAN or WLAN*

Issues :

When attempting to login via https://1.2.3.4 (external IP) I get cannot find webpage.
0
Coupee46
Asked:
Coupee46
  • 4
  • 3
  • 2
1 Solution
 
Blue Street TechLast KnightCommented:
Hi Coupee46,

This is all you have to do to enable remote management: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946

If you only enable HTTPS and do not have the HTTP to HTTPS redirection rule in place, make sure you type in https://1.2.3.4

It sounds like you have a dynamic Public IP, in which case it could have already changed. I'd recommend getting a static Public IP if possible but in the event you can't enable DDNS.

Go to http://dyn.com and setup a free account.

Then enable DDNS in your firewall, here how:
Log into the firewall.
Go to Network > Dynamic DNS
Click Add...
Under Provider:, select DynDNS.org
User Name: {put in the username you created in the dyn.com account}
Password: {put in the Password you created in the dyn.com account}
Domain Name: {put in the Domain Name you created in the dyn.com account} e.g. xyz.dynalias.com
Service Type: Dynamic
Click OK.

There was a bug found in previous firmware versions so make sure you have upgraded your firmware to at least SonicOS 5.8.1.12-65o. Here's how to upgrade: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5640

Once this is all setup you will use the DYN.com domain name in the URL instead of the Public IP address, e.g. https://xyz.dynalias.com to access your firewall remotely.

Let me know if you still have issues.
0
 
big_daddy0690Commented:
Is ping enabled on the WAN interface and can you ping it successfully?

Check that the HTTPS administration port has not been changed (System -> Administration).

Do you have the auto added HTTPS management rule?
0
 
Blue Street TechLast KnightCommented:
Also, keep in mind that by design/default you can only access the management interface of the Zone you are connected to. In other words you will not be able to access the management interface WAN or WLAN, etc if you are connected to the LAN Zone as there is no point to do so. That said make sure you are truly remote and not connected to any of the firewalled Zones.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Coupee46Author Commented:
Thank you all for the replies..

Diversiet,

-From that link, I have done the first procedure, but the Firewall > Access Rules, that could be the issue.. because I never did that.  I dont reccall doing this for another Sonicall (exact model) and it works fine.

-I did not enable the http redirection rule, so yes, I am having to do the https://1.2.3.4

-Correct, it is a Dynamic IP and I actually have setup a no-ip.com DNS and I have also configured this into the Sonicwall and verified it was connecting to No-IP.com and assigning the correct IP with no issues.

-I will have to check and see what version Firmware I have and get back to you.

Anyhow, I am remote at the office and still cannot access.. I'll have to go back and setup the Access Rules for HTTPS Management, and give it another whirl.

Big_daddy,

Ping is not enabled.. I did try to enabling the other day, but was still unable to ping the WAN port.. anyhow, I disabled it since it wasn't a big concern to me..

I also verified the HTTPS port is default 443 in System > Admin.


So just to be clear, what I am going to try to do is.. Setup the Access Rule for WAN > WAN Source : Any - Destination : All X1 Management IP - Service : HTTPS Management ?
0
 
Blue Street TechLast KnightCommented:
By placing a check mark next to HTTPS in the Management section within the WAN Interface per that article (https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946) it will auto-create the firewall rules for you by default.
So just to be clear, what I am going to try to do is.. Setup the Access Rule for WAN > WAN Source : Any - Destination : All X1 Management IP - Service : HTTPS Management ?
You do not need to do this manually but rather verify it exists by the previous setup I referred to.

Additionally, Ping is does not need to be enabled in order to gain remote access. This will rather be as a troubleshooting step (to see if you can ping the device).

I'd reboot the firewall as well then test the new settings.
0
 
Coupee46Author Commented:
Thanks Diverseit.. I will give that a try and let you know.  

As for PING, I did try to enable it but did not manage a successful ping either.. :/

Anyhow, i'll give it a try and let you know. thanks!
0
 
Coupee46Author Commented:
Diverseit..

It worked.. !

Also, keep in mind that by design/default you can only access the management interface of the Zone you are connected to. In other words you will not be able to access the management interface WAN or WLAN, etc if you are connected to the LAN Zone as there is no point to do so. That said make sure you are truly remote and not connected to any of the firewalled Zones.

It turns out, I wasn't fully remote... It works like a charm now that I am outside the actualy network.  You were right! thank you!
0
 
Blue Street TechLast KnightCommented:
Your welcome...my pleasure! Glad I could help and thanks for the points.
0
 
big_daddy0690Commented:
For future reference you can use tracert to verify the path of your traffic.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now