Configure SonicWall TZ205 with SBS/Exchange 2010

I'm configuring a SonicWall TZ205 with SBS/Exchange 2010 and I am getting network issues where the "server cannot open ports on the router.  Ensure that ports 80, 443 and 987 are opened and pointed the IP address on the server.  If you are using e-mail open port 25 and if you are using VPN, open port 1723."

I used the wizard on the SonicWall TZ205 to create the NAT rules for "SBS1" public and private. Am I missing something else?

What services did you assign when running the Wizard? If you chose Mail Server, you will only get ports 25, 220 and 143.

What you can do is go to Network --> Services and create a new service group, adding the ports you need such as 80, 443, 25 and 987. You would then go to Network --> NAT Policies and edit the rules that were automatically created by the wizard for your web server, making sure to select your new service group instead of the automatically generated one. Make sure to change all rules that reference your mail server, not just one.

You then need to go to Firewall --> Access Rules and edit the WAN to LAN rule for your server that was automatically generated, and again select the service you created.

jvonbaker Author Commented:
Thanks.  I actually just did that and it's showing the following ports open:

....still getting error.
Where is this error being generated from? Have you tried accessing the web mail services from outside? Can you access them from inside the firewall? Did you make the changes to each NAT rule referencing the email server as well as the firewall?

Check your NAT rules and verify that your external and internal IP is correct.

jvonbaker Author Commented:
Error is being thrown from SBS console -> Network -> Connectivity -> Fix my network.

I can access from inside the firewall.

Yes, made changes to each NAT rule.
Simon Butler (Sembee) Consultant Commented:
The reason you are getting the error in the SBS console is because it wants to use UPnP to open the ports for you. If you have already opened the ports then that is fine, you don't need to do anything else. It is just that the SBS tools cannot see that they are open.

I don't recommend enabling UPnP to allow the error to clear; personally I prefer to know what ports are being opened rather than let the OS do it for me.

Blue Street Tech Last Knight Commented:
Hi jvonbaker,

You have been well advised here so I'll just leave you with this additional info.
FYI: If you or your staff need/wish to access this email server from other internal zones using the Public IP address, consider creating a Loopback NAT Policy:
Original Source: Firewalled Subnets
Translated Source: MailServer Public
Original Destination: MailServer Public
Translated Destination: MailServer Private
Original Service: MailServer Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: MailServer Loopback policy
Enable NAT Policy: Checked
Create a reflexive policy: Unchecked
Let us know if you are still having issues!
Blue Street Tech Last Knight Commented:
I re-read through this question...if there is truly an issue with communication outside of this tool providing an error then see below.

Change management ports on the SonicWALL. If you have management enabled (HTTP (80) & HTTPS (443)) this will cause an issue with connecting to Exchange Server. To correct this, simply log in to the SonicWALL and change the management ports from 80 & 443 to something else like 8080 & 4444 respectively on the Systems > Administration page. Make sure the new ports are not being used for port forwarding as well.

Please advise. Thanks!
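
An added example, not part of the original thread and not SonicWall tooling: a small Python audit of the three checks advised above (every NAT policy pointing at the server uses the new service group, the WAN to LAN access rule allows the same ports, and the management ports do not collide with forwarded ports). The dict layout and the names `SBS Ports`, `SBS1 Private` and `SBS1 Public` are assumptions, transcribed by hand from the GUI rather than taken from any SonicOS export format.

```python
# Added example: audits a hand-written model of the firewall settings.
# The dict layout and object names are assumptions, not a SonicOS export format.
REQUIRED = {25, 80, 443, 987}  # ports from the thread (1723 only if VPN is used)

def audit(cfg, private="SBS1 Private", public="SBS1 Public"):
    """Return (kind, name, ports) findings for the checks advised in the thread."""
    groups = {n: set(p) for n, p in cfg["service_groups"].items()}
    findings, forwarded = [], set(REQUIRED)
    # 1. Every NAT policy translating to the server must carry all required ports.
    for pol in cfg["nat_policies"]:
        if pol["translated_dst"] != private:
            continue
        ports = groups.get(pol["service"], set())
        forwarded |= ports
        if REQUIRED - ports:
            findings.append(("nat", pol["name"], sorted(REQUIRED - ports)))
    # 2. The WAN to LAN access rule for the server must allow the same ports.
    allowed = set()
    for r in cfg["access_rules"]:
        if (r["from"], r["to"], r["dst"], r["action"]) == ("WAN", "LAN", public, "allow"):
            allowed |= groups.get(r["service"], set())
    if REQUIRED - allowed:
        findings.append(("access", "WAN > LAN", sorted(REQUIRED - allowed)))
    # 3. Management ports must not collide with required or forwarded ports.
    for proto, port in cfg["management_ports"].items():
        if port in forwarded:
            findings.append(("mgmt", proto, [port]))
    return findings

# Constructed sample: loopback policy still on the wizard group, management on 80/443.
SAMPLE = {
    "service_groups": {
        "Mail Server (wizard)": [25, 220, 143],
        "SBS Ports": [25, 80, 443, 987],
    },
    "nat_policies": [
        {"name": "SBS1 inbound", "translated_dst": "SBS1 Private", "service": "SBS Ports"},
        {"name": "SBS1 loopback", "translated_dst": "SBS1 Private", "service": "Mail Server (wizard)"},
        {"name": "SBS1 outbound", "translated_dst": "Original", "service": "Any"},
    ],
    "access_rules": [
        {"from": "WAN", "to": "LAN", "dst": "SBS1 Public", "service": "SBS Ports", "action": "allow"},
    ],
    "management_ports": {"http": 80, "https": 443},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the constructed sample it flags the loopback policy that was left on the wizard's group and both management ports; the outbound policy is ignored because it does not translate to the server.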