Improve company productivity with a Business Account.Sign Up

x
?
Solved

Sonicwall needs to configure to access web server(sharepoint) with DDNS host name

Posted on 2013-10-28
6
Medium Priority
?
2,506 Views
Last Modified: 2013-11-24
I have two WAN IP

X1 - static IP and which is configured and working well, no issues.

I can reach web server via X0!

X2 - Dynamic IP from the ISP so configured DDNS with No-IP and trying to reach web server but no luck!

Here comes I need your help
0
Comment
Question by:Shab
  • 2
  • 2
  • 2
6 Comments
 
LVL 40

Expert Comment

by:Aaron Tomosky
ID: 39607502
run the external server wizard. you need the right port forwarding to go from your x2 ip to the internal ip.
0
 
LVL 1

Author Comment

by:Shab
ID: 39607848
could you please elaborate ? I tried different ways in several times but no luck!
0
 
LVL 40

Expert Comment

by:Aaron Tomosky
ID: 39609285
http://community.spiceworks.com/how_to/show/2577-post-forwarding-using-nat-on-sonicwall-devices

just make sure to change the public ip to the one on the x2 interface. This will create an address object called server-public or whatever the server name is. Then if your ip ever changes, you just change the ip of the address object in one place.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
LVL 1

Author Comment

by:Shab
ID: 39610793
As I mentioned I tried all those options even manual entries!
But for some reason we cannot access web server with ddns domain name! I hope that is possible?
0
 
LVL 31

Expert Comment

by:Blue Street Tech
ID: 39610873
Hi petertwliu,

What you are trying to achieve is doable provided you have a NGFW. I have setup this up on my end and it works perfectly.

What SonicWALL model and firmware version?

Depending on these answers...it may not be possible to do on the gear/firmware you have.
0
 
LVL 31

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39610945
This is assuming you have a compatible model/firmware.

I have verified this setup on my end - it works perfectly. It has also been verified by SonicWALL L2 support as a fully supported functionality. If you still can't access it then either a) you are not setting it up correctly (or following the steps we have provided) or b) it is an issue with the web server.

Here is the recommended way to do this:

1. Make sure your SonicOS firmware is up-to-date (at least 5.8.1.13 as the previous version had a DDNS bug).
2. Make sure you have setup the Secondary WAN Interface correctly - can you pass any traffic on it?
3. Setup DDNS and bound it to X2. Make sure the status is displaying "online".
4. Use the Public Wizard to setup access to the Web Server and select Web Server from the drop down.
The Public Wizard will setup the following items automatically:
      Server Address Objects
      1. Create "SharePoint Server (private)" assigned to LAN Zone for Host 10.10.10.1.
      2. Reuse "WAN Primary IP" address object assigned to WAN Zone for 1.1.1.1.

      Server Service Group Object
      1. Create "SharePoint Server (private) Services" with HTTP and HTTPS Services.

      Server NAT Policies
      1. Create Inbound Server NAT Policy to rewrite packets to original destination "WAN Primary IP" to translated destination "SharePoint Server (private)".
      2. Create Outbound Server NAT Policy to rewrite packets from "SharePoint Server (private)" to translated source "WAN Primary IP".
      3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 1.1.1.1.

      Server Access Rules
      1. WAN > LAN - Allow "Any" to "WAN Primary IP" for Service Group "SharePoint Server (private) Services".
      Similar rules will be created from all lower security zones to the LAN zone.

5. Now all you need to do is go into the NAT Policies and Access Rules to change WAN Primary IP to WAN Secondary IP or X2.

Therefore your Access Rule should read as follows:

From: WAN
To: LAN
Priority: <auto-generated>
Source: Any
Destination: WAN Secondary IP or X2
Service: SharePoint Server (private) Services
Action: Allow
Users Incl.: All
Users Excl.: None

Your NAT Policies should read like this:

INBOUND
Original Source: Any
Translated Source: Original
Original Destination: WAN Secondary IP or X2
Translated Destination: SharePoint Server (private)
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: <whatever you want for documentation purposes>

OUTBOUND
Original Source: SharePoint Server (private)
Translated Source: WAN Secondary IP or X2
Original Destination: Any
Translated Destination: Original
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X2
Comment: <whatever you want for documentation purposes>

LOOPBACK
Original Source: Firewalled Subnets
Translated Source: WAN Secondary IP or X2
Original Destination: WAN Secondary IP or X2
Translated Destination: SharePoint Server (private)
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: <whatever you want for documentation purposes>

Try this one last time...as I said it works perfectly on my end...if it still doesn't something is either not being followed or there is an issue with your SharePoint server. Do a Packet Capture to see what is happening to the packets.
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their VPS hosting experience that much smoother.
In short, I will be giving a guide on how to install UNMS on a virtual machine in hyper-v and change the default port for security (you don’t need to have a server, since Windows 10 supports hyper-v)
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Watch the video of Kernel Migrator for SharePoint, which demonstrate the process easily of migration from SharePoint to SharePoint, OneDrive for Business & Google Drive servers, Public Folder to SharePoint, File Server to SharePoint. The tool has va…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question