SonicWALL needs to be configured to access web server (SharePoint) with DDNS host name

Posted on 2013-10-28
Last Modified: 2013-11-24
I have two WAN IPs.

X1 - static IP, which is configured and working well, no issues.

I can reach the web server via X0!

X2 - dynamic IP from the ISP, so I configured DDNS with No-IP and am trying to reach the web server, but no luck!

Here is where I need your help.
Question by:Shab
6 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39607502
Run the external server wizard. You need the right port forwarding to go from your X2 IP to the internal IP.
0
 
LVL 1

Author Comment

by:Shab
ID: 39607848
Could you please elaborate? I tried different ways several times but no luck!
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39609285
http://community.spiceworks.com/how_to/show/2577-post-forwarding-using-nat-on-sonicwall-devices

Just make sure to change the public IP to the one on the X2 interface. This will create an address object called server-public or whatever the server name is. Then if your IP ever changes, you just change the IP of the address object in one place.
0
 
LVL 1

Author Comment

by:Shab
ID: 39610793
As I mentioned, I tried all those options, even manual entries!
But for some reason we cannot access the web server with the DDNS domain name! I hope that is possible?
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39610873
Hi petertwliu,

What you are trying to achieve is doable provided you have an NGFW. I have set this up on my end and it works perfectly.

What SonicWALL model and firmware version?

Depending on these answers...it may not be possible to do on the gear/firmware you have.
0
 
LVL 27

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39610945
This is assuming you have a compatible model/firmware.

I have verified this setup on my end - it works perfectly. It has also been verified by SonicWALL L2 support as a fully supported functionality. If you still can't access it then either a) you are not setting it up correctly (or following the steps we have provided) or b) it is an issue with the web server.

Here is the recommended way to do this:

1. Make sure your SonicOS firmware is up to date (at least 5.8.1.13, as the previous version had a DDNS bug).
2. Make sure you have set up the Secondary WAN Interface correctly - can you pass any traffic on it?
3. Set up DDNS and bind it to X2. Make sure the status is displaying "online".
4. Use the Public Wizard to set up access to the Web Server and select Web Server from the drop-down.
The Public Wizard will set up the following items automatically:
      Server Address Objects
      1. Create "SharePoint Server (private)" assigned to LAN Zone for Host 10.10.10.1.
      2. Reuse "WAN Primary IP" address object assigned to WAN Zone for 1.1.1.1.

      Server Service Group Object
      1. Create "SharePoint Server (private) Services" with HTTP and HTTPS Services.

      Server NAT Policies
      1. Create Inbound Server NAT Policy to rewrite packets to original destination "WAN Primary IP" to translated destination "SharePoint Server (private)".
      2. Create Outbound Server NAT Policy to rewrite packets from "SharePoint Server (private)" to translated source "WAN Primary IP".
      3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 1.1.1.1.

      Server Access Rules
      1. WAN > LAN - Allow "Any" to "WAN Primary IP" for Service Group "SharePoint Server (private) Services".
      Similar rules will be created from all lower security zones to the LAN zone.

5. Now all you need to do is go into the NAT Policies and Access Rules to change WAN Primary IP to WAN Secondary IP or X2.

Therefore your Access Rule should read as follows:

From: WAN
To: LAN
Priority: <auto-generated>
Source: Any
Destination: WAN Secondary IP or X2
Service: SharePoint Server (private) Services
Action: Allow
Users Incl.: All
Users Excl.: None

Your NAT Policies should read like this:

INBOUND
Original Source: Any
Translated Source: Original
Original Destination: WAN Secondary IP or X2
Translated Destination: SharePoint Server (private)
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: <whatever you want for documentation purposes>

OUTBOUND
Original Source: SharePoint Server (private)
Translated Source: WAN Secondary IP or X2
Original Destination: Any
Translated Destination: Original
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X2
Comment: <whatever you want for documentation purposes>

LOOPBACK
Original Source: Firewalled Subnets
Translated Source: WAN Secondary IP or X2
Original Destination: WAN Secondary IP or X2
Translated Destination: SharePoint Server (private)
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: <whatever you want for documentation purposes>

Try this one last time...as I said, it works perfectly on my end...if it still doesn't, something is either not being followed or there is an issue with your SharePoint server. Do a Packet Capture to see what is happening to the packets.
0
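An added example, not part of the answer above and not SonicWALL tooling: a small Python check that reads policies typed out in the "Field: Value" layout used in the accepted solution and flags any entry still pointing at the wizard default "WAN Primary IP", or missing altogether, after step 5. The section names and the object name "WAN Secondary IP" follow the answer; the sample input is constructed.

```python
WAN = "WAN Secondary IP"               # object name as written in the answer
SERVER = "SharePoint Server (private)"

# What each policy must contain after step 5 (fields and values from the answer).
EXPECTED = {
    "ACCESS RULE": {"Destination": WAN, "Action": "Allow"},
    "INBOUND": {"Original Destination": WAN, "Translated Destination": SERVER},
    "OUTBOUND": {"Original Source": SERVER, "Translated Source": WAN,
                 "Outbound Interface": "X2"},
    "LOOPBACK": {"Translated Source": WAN, "Original Destination": WAN,
                 "Translated Destination": SERVER},
}

# Constructed sample: access rule and inbound NAT left on the wizard default,
# loopback policy not entered at all.
SAMPLE = """\
ACCESS RULE
Destination: WAN Primary IP
Action: Allow

INBOUND
Original Destination: WAN Primary IP
Translated Destination: SharePoint Server (private)

OUTBOUND
Original Source: SharePoint Server (private)
Translated Source: WAN Secondary IP
Outbound Interface: X2
"""

def parse_policies(text):
    """Parse blank-line-separated 'Field: Value' blocks into {name: {field: value}}."""
    policies = {}
    for block in text.strip().split("\n\n"):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        policies[lines[0].upper()] = dict(
            (k.strip(), v.strip()) for k, _, v in (ln.partition(":") for ln in lines[1:]))
    return policies

def audit(policies):
    """Return (policy, field, found) for each missing policy or mismatched field."""
    findings = []
    for name, want in EXPECTED.items():
        got = policies.get(name)
        if got is None:
            findings.append((name, None, "policy missing"))
            continue
        findings += [(name, f, got.get(f)) for f, v in want.items() if got.get(f) != v]
    return findings

if __name__ == "__main__":
    for finding in audit(parse_policies(SAMPLE)):
        print(finding)
```

An empty result means every policy references the X2 side as the answer describes; it does not prove the firewall is passing traffic, which is what the packet capture is for.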