Sonicwall - Remote Managment via Internet on WAN port

Hello All,

Having a bit of a trouble setting up remote management via internet to one of my Sonicwall TZ100.  

Here is my setup :

-Sonicwall connected directly to the Verizon Optical Terminal
-WAN Port is DHCP assigned an exteral IP address 1.2.3.4
-WAN Port has Management/UserLogin as HTTPS.

*I can login via internal IP through Port X1 LAN or WLAN*

Issues :

When attempting to login via https://1.2.3.4 (external IP) I get cannot find webpage.
LVL 1
Coupee46Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi Coupee46,

This is all you have to do to enable remote management: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946

If you only enable HTTPS and do not have the HTTP to HTTPS redirection rule in place, make sure you type in https://1.2.3.4

It sounds like you have a dynamic Public IP, in which case it could have already changed. I'd recommend getting a static Public IP if possible but in the event you can't enable DDNS.

Go to http://dyn.com and setup a free account.

Then enable DDNS in your firewall, here how:
Log into the firewall.
Go to Network > Dynamic DNS
Click Add...
Under Provider:, select DynDNS.org
User Name: {put in the username you created in the dyn.com account}
Password: {put in the Password you created in the dyn.com account}
Domain Name: {put in the Domain Name you created in the dyn.com account} e.g. xyz.dynalias.com
Service Type: Dynamic
Click OK.

There was a bug found in previous firmware versions so make sure you have upgraded your firmware to at least SonicOS 5.8.1.12-65o. Here's how to upgrade: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5640

Once this is all setup you will use the DYN.com domain name in the URL instead of the Public IP address, e.g. https://xyz.dynalias.com to access your firewall remotely.

Let me know if you still have issues.
big_daddy0690Commented:
Is ping enabled on the WAN interface and can you ping it successfully?

Check that the HTTPS administration port has not been changed (System -> Administration).

Do you have the auto added HTTPS management rule?
Blue Street TechLast KnightCommented:
Also, keep in mind that by design/default you can only access the management interface of the Zone you are connected to. In other words you will not be able to access the management interface WAN or WLAN, etc if you are connected to the LAN Zone as there is no point to do so. That said make sure you are truly remote and not connected to any of the firewalled Zones.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Coupee46Author Commented:
Thank you all for the replies..

Diversiet,

-From that link, I have done the first procedure, but the Firewall > Access Rules, that could be the issue.. because I never did that.  I dont reccall doing this for another Sonicall (exact model) and it works fine.

-I did not enable the http redirection rule, so yes, I am having to do the https://1.2.3.4

-Correct, it is a Dynamic IP and I actually have setup a no-ip.com DNS and I have also configured this into the Sonicwall and verified it was connecting to No-IP.com and assigning the correct IP with no issues.

-I will have to check and see what version Firmware I have and get back to you.

Anyhow, I am remote at the office and still cannot access.. I'll have to go back and setup the Access Rules for HTTPS Management, and give it another whirl.

Big_daddy,

Ping is not enabled.. I did try to enabling the other day, but was still unable to ping the WAN port.. anyhow, I disabled it since it wasn't a big concern to me..

I also verified the HTTPS port is default 443 in System > Admin.


So just to be clear, what I am going to try to do is.. Setup the Access Rule for WAN > WAN Source : Any - Destination : All X1 Management IP - Service : HTTPS Management ?
Blue Street TechLast KnightCommented:
By placing a check mark next to HTTPS in the Management section within the WAN Interface per that article (https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946) it will auto-create the firewall rules for you by default.
So just to be clear, what I am going to try to do is.. Setup the Access Rule for WAN > WAN Source : Any - Destination : All X1 Management IP - Service : HTTPS Management ?
You do not need to do this manually but rather verify it exists by the previous setup I referred to.

Additionally, Ping is does not need to be enabled in order to gain remote access. This will rather be as a troubleshooting step (to see if you can ping the device).

I'd reboot the firewall as well then test the new settings.
Coupee46Author Commented:
Thanks Diverseit.. I will give that a try and let you know.  

As for PING, I did try to enable it but did not manage a successful ping either.. :/

Anyhow, i'll give it a try and let you know. thanks!
Coupee46Author Commented:
Diverseit..

It worked.. !

Also, keep in mind that by design/default you can only access the management interface of the Zone you are connected to. In other words you will not be able to access the management interface WAN or WLAN, etc if you are connected to the LAN Zone as there is no point to do so. That said make sure you are truly remote and not connected to any of the firewalled Zones.

It turns out, I wasn't fully remote... It works like a charm now that I am outside the actualy network.  You were right! thank you!
Blue Street TechLast KnightCommented:
Your welcome...my pleasure! Glad I could help and thanks for the points.
big_daddy0690Commented:
For future reference you can use tracert to verify the path of your traffic.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.