Link to home
Start Free TrialLog in
Avatar of Coupee46
Coupee46

asked on

Sonicwall - Remote Managment via Internet on WAN port

Hello All,

Having a bit of a trouble setting up remote management via internet to one of my Sonicwall TZ100.  

Here is my setup :

-Sonicwall connected directly to the Verizon Optical Terminal
-WAN Port is DHCP assigned an exteral IP address 1.2.3.4
-WAN Port has Management/UserLogin as HTTPS.

*I can login via internal IP through Port X1 LAN or WLAN*

Issues :

When attempting to login via https://1.2.3.4 (external IP) I get cannot find webpage.
Avatar of Blue Street Tech
Blue Street Tech
Flag of United States of America image

Hi Coupee46,

This is all you have to do to enable remote management: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946

If you only enable HTTPS and do not have the HTTP to HTTPS redirection rule in place, make sure you type in https://1.2.3.4

It sounds like you have a dynamic Public IP, in which case it could have already changed. I'd recommend getting a static Public IP if possible but in the event you can't enable DDNS.

Go to http://dyn.com and setup a free account.

Then enable DDNS in your firewall, here how:
Log into the firewall.
Go to Network > Dynamic DNS
Click Add...
Under Provider:, select DynDNS.org
User Name: {put in the username you created in the dyn.com account}
Password: {put in the Password you created in the dyn.com account}
Domain Name: {put in the Domain Name you created in the dyn.com account} e.g. xyz.dynalias.com
Service Type: Dynamic
Click OK.

There was a bug found in previous firmware versions so make sure you have upgraded your firmware to at least SonicOS 5.8.1.12-65o. Here's how to upgrade: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5640

Once this is all setup you will use the DYN.com domain name in the URL instead of the Public IP address, e.g. https://xyz.dynalias.com to access your firewall remotely.

Let me know if you still have issues.
Is ping enabled on the WAN interface and can you ping it successfully?

Check that the HTTPS administration port has not been changed (System -> Administration).

Do you have the auto added HTTPS management rule?
ASKER CERTIFIED SOLUTION
Avatar of Blue Street Tech
Blue Street Tech
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Coupee46
Coupee46

ASKER

Thank you all for the replies..

Diversiet,

-From that link, I have done the first procedure, but the Firewall > Access Rules, that could be the issue.. because I never did that.  I dont reccall doing this for another Sonicall (exact model) and it works fine.

-I did not enable the http redirection rule, so yes, I am having to do the https://1.2.3.4

-Correct, it is a Dynamic IP and I actually have setup a no-ip.com DNS and I have also configured this into the Sonicwall and verified it was connecting to No-IP.com and assigning the correct IP with no issues.

-I will have to check and see what version Firmware I have and get back to you.

Anyhow, I am remote at the office and still cannot access.. I'll have to go back and setup the Access Rules for HTTPS Management, and give it another whirl.

Big_daddy,

Ping is not enabled.. I did try to enabling the other day, but was still unable to ping the WAN port.. anyhow, I disabled it since it wasn't a big concern to me..

I also verified the HTTPS port is default 443 in System > Admin.


So just to be clear, what I am going to try to do is.. Setup the Access Rule for WAN > WAN Source : Any - Destination : All X1 Management IP - Service : HTTPS Management ?
By placing a check mark next to HTTPS in the Management section within the WAN Interface per that article (https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946) it will auto-create the firewall rules for you by default.
So just to be clear, what I am going to try to do is.. Setup the Access Rule for WAN > WAN Source : Any - Destination : All X1 Management IP - Service : HTTPS Management ?
You do not need to do this manually but rather verify it exists by the previous setup I referred to.

Additionally, Ping is does not need to be enabled in order to gain remote access. This will rather be as a troubleshooting step (to see if you can ping the device).

I'd reboot the firewall as well then test the new settings.
Thanks Diverseit.. I will give that a try and let you know.  

As for PING, I did try to enable it but did not manage a successful ping either.. :/

Anyhow, i'll give it a try and let you know. thanks!
Diverseit..

It worked.. !

Also, keep in mind that by design/default you can only access the management interface of the Zone you are connected to. In other words you will not be able to access the management interface WAN or WLAN, etc if you are connected to the LAN Zone as there is no point to do so. That said make sure you are truly remote and not connected to any of the firewalled Zones.

It turns out, I wasn't fully remote... It works like a charm now that I am outside the actualy network.  You were right! thank you!
Your welcome...my pleasure! Glad I could help and thanks for the points.
For future reference you can use tracert to verify the path of your traffic.