jbobst
asked on
Sonicwall Remote Access
Is there a way to remotely access a Sonicwall appliance simply through the internet? We have TZ150 in another country, and if the VPN is up, I can use the private (192.168.x.x) address to connect to it, but if the VPN goes down, I cannot connect to it using the public address. There is a "Web Management Settings" section in the "Administration" section but it only appears to work with clients on the local area network. I looked in the Sonicwall manual but it didn't mention anything about remote access (that I could find)
ASKER
Thanks for the link diverseit, However, I just cannot get it working. The instructions are simple but it will never connect. I added the firewall access rule, even check the allow fragmented packets, and still I get "problem loading page". I also have a Sonicwall 2040 (basically the exact same user interface as the TZ 150) and I cannot get remote access to that one either. I am at a loss.
Are you using https://your_public_IP? (I'm trying to emphasize the "s")
Is it a static IP or dynamic?
Is it a static IP or dynamic?
ASKER
Yes, definitely adding the "s"...didn't add the .com though. Just the number. I'll try adding a .com but is that correct?
My bad...pure typo...I'm so used to dealing with A Record lookups when logging in, e.g. https://rmc12.domain.com.
No, it's either https://<public_IP> or https://sub-domain.TLD if you have one setup.
No, it's either https://<public_IP> or https://sub-domain.TLD if you have one setup.
Could it be the wrong IP? Is it dynamic or static?
If you login to the console via VPN got to Network > Interfaces and verify the WAN IP otherwise have someone internally go the whatismyip.com and tell you what it is.
Try rebooting the Firewall as well.
If you login to the console via VPN got to Network > Interfaces and verify the WAN IP otherwise have someone internally go the whatismyip.com and tell you what it is.
Try rebooting the Firewall as well.
ASKER
Thanks for the clarification. It's still not working so I am not sure what I am doing wrong.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the information diverseit,
So, I've found out a little more information. First, we also have a Sonicwall 2040 at our main location. I was not able to get it to allow remote access either, even though I followed the instructions. However, I was able to get the ping working on our 2040 but not the remote TZ150. I know for sure I have the correct IP addresses, as both sonicwalls are VPN'd together constantly using the static IP addresses at each location. However, there is one difference on the Taiwan TZ150. They have a dsl line there, and when I look at the WAN settings, they have it set to NAT with DHCP enabled. And, the WAN address is a 192.168.1.X address. So, their ISP must have them behind some other sort of firewall. But, they DO have a static public IP address, and that is how we establish the permanent VPN between the two sites. My 2040 has a static IP address, but it is delivered to us in a more normal way...as the WAN IP in the Sonicwall is the static public IP address. So I am guessing the remote access and ping is not working because of their ISP setup. That still doesn't answer why my 2040 doesn't allow remote https access, but the ping does work.
So, I've found out a little more information. First, we also have a Sonicwall 2040 at our main location. I was not able to get it to allow remote access either, even though I followed the instructions. However, I was able to get the ping working on our 2040 but not the remote TZ150. I know for sure I have the correct IP addresses, as both sonicwalls are VPN'd together constantly using the static IP addresses at each location. However, there is one difference on the Taiwan TZ150. They have a dsl line there, and when I look at the WAN settings, they have it set to NAT with DHCP enabled. And, the WAN address is a 192.168.1.X address. So, their ISP must have them behind some other sort of firewall. But, they DO have a static public IP address, and that is how we establish the permanent VPN between the two sites. My 2040 has a static IP address, but it is delivered to us in a more normal way...as the WAN IP in the Sonicwall is the static public IP address. So I am guessing the remote access and ping is not working because of their ISP setup. That still doesn't answer why my 2040 doesn't allow remote https access, but the ping does work.
Interesting.
The TZ may have a router before it routing the Public IP to it thereby getting the site-to-site VPN to work but if that is the case they would need to possibly add a route, port forward to the TZ's interface to manage it. It seems very odd to have any complicated routing where there is a TZ 150 SonicOS Standard in place...it's the lowest entry point device SonicWALL made at the time. Just seems odd to have a router ahead of it. But I digress.
Let's focus on the 2040. Is it in the States? Can you get login access via VPN? Check it's WAN settings. What type of connection? Is it showing the Public IP there? Can you verify nothing is upstream from it?
Thanks.
The TZ may have a router before it routing the Public IP to it thereby getting the site-to-site VPN to work but if that is the case they would need to possibly add a route, port forward to the TZ's interface to manage it. It seems very odd to have any complicated routing where there is a TZ 150 SonicOS Standard in place...it's the lowest entry point device SonicWALL made at the time. Just seems odd to have a router ahead of it. But I digress.
Let's focus on the 2040. Is it in the States? Can you get login access via VPN? Check it's WAN settings. What type of connection? Is it showing the Public IP there? Can you verify nothing is upstream from it?
Thanks.
Any update on this?
ASKER
Sorry for the delay. Couldn't get to it before the weekend.
The 2040 is in the states and located in the office I work at. I can access it from home (for example) if I connect my laptop to the VPN first and use it's private ip address. If I don't use the VPN and try the https://mypublicipaddress, it does not work. I can verify there is nothing upstream...unlike the Taiwan office.
The 2040 is in the states and located in the office I work at. I can access it from home (for example) if I connect my laptop to the VPN first and use it's private ip address. If I don't use the VPN and try the https://mypublicipaddress, it does not work. I can verify there is nothing upstream...unlike the Taiwan office.
Make sure there are no rules above it. Re-prioritize it if you have to by clicking on the priority arrows and moving it to the top of the list. Then re-test.
Download & install the latest firmware updates available as well.
Download & install the latest firmware updates available as well.
Any update on this??
ASKER
So sorry for the delay diverseit. No update at this time. We are eventually going to be getting rid of this firewall so I am going to have to just address this with what ever product we purchase next. I also have another client with a TZ105 and I could not get that setup either to be accessible from the outside. Very frustrating, but thanks for all the help. I am going to close the question now.
This is frustrating to hear. I have performed remote configuration hundreds of time with no issues whatsoever. There has to be some sort of anomaly going on here. If you have any more questions don't hesitate to open some new questions up...I'd be glad to take a look. Thanks for the points!
Cheers!
Cheers!
Yes, there sure is!
Follow these steps under the SonicOS Standard section to enable Remote Management: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7946
I'd consider upgrading to a TZ 105 too...the gear you have is EOL (End of Life - no longer supported) and there have been a vast amount of improvements in the newer versions - night and day. All new security appliances come standard with SonicOS Enhanced too.
Let me know if you have any questions!