Solved

Sonicwall needs to configure to access web server(sharepoint) with DDNS host name

Posted on 2013-10-28
6
2,032 Views
Last Modified: 2013-11-24
I have two WAN IP

X1 - static IP and which is configured and working well, no issues.

I can reach web server via X0!

X2 - Dynamic IP from the ISP so configured DDNS with No-IP and trying to reach web server but no luck!

Here comes I need your help
0
Comment
Question by:Shab
  • 2
  • 2
  • 2
6 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39607502
run the external server wizard. you need the right port forwarding to go from your x2 ip to the internal ip.
0
 
LVL 1

Author Comment

by:Shab
ID: 39607848
could you please elaborate ? I tried different ways in several times but no luck!
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39609285
http://community.spiceworks.com/how_to/show/2577-post-forwarding-using-nat-on-sonicwall-devices

just make sure to change the public ip to the one on the x2 interface. This will create an address object called server-public or whatever the server name is. Then if your ip ever changes, you just change the ip of the address object in one place.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:Shab
ID: 39610793
As I mentioned I tried all those options even manual entries!
But for some reason we cannot access web server with ddns domain name! I hope that is possible?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39610873
Hi petertwliu,

What you are trying to achieve is doable provided you have a NGFW. I have setup this up on my end and it works perfectly.

What SonicWALL model and firmware version?

Depending on these answers...it may not be possible to do on the gear/firmware you have.
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39610945
This is assuming you have a compatible model/firmware.

I have verified this setup on my end - it works perfectly. It has also been verified by SonicWALL L2 support as a fully supported functionality. If you still can't access it then either a) you are not setting it up correctly (or following the steps we have provided) or b) it is an issue with the web server.

Here is the recommended way to do this:

1. Make sure your SonicOS firmware is up-to-date (at least 5.8.1.13 as the previous version had a DDNS bug).
2. Make sure you have setup the Secondary WAN Interface correctly - can you pass any traffic on it?
3. Setup DDNS and bound it to X2. Make sure the status is displaying "online".
4. Use the Public Wizard to setup access to the Web Server and select Web Server from the drop down.
The Public Wizard will setup the following items automatically:
      Server Address Objects
      1. Create "SharePoint Server (private)" assigned to LAN Zone for Host 10.10.10.1.
      2. Reuse "WAN Primary IP" address object assigned to WAN Zone for 1.1.1.1.

      Server Service Group Object
      1. Create "SharePoint Server (private) Services" with HTTP and HTTPS Services.

      Server NAT Policies
      1. Create Inbound Server NAT Policy to rewrite packets to original destination "WAN Primary IP" to translated destination "SharePoint Server (private)".
      2. Create Outbound Server NAT Policy to rewrite packets from "SharePoint Server (private)" to translated source "WAN Primary IP".
      3. Create Loopback NAT Policy to allow access from all internal zones to the server at public IP address 1.1.1.1.

      Server Access Rules
      1. WAN > LAN - Allow "Any" to "WAN Primary IP" for Service Group "SharePoint Server (private) Services".
      Similar rules will be created from all lower security zones to the LAN zone.

5. Now all you need to do is go into the NAT Policies and Access Rules to change WAN Primary IP to WAN Secondary IP or X2.

Therefore your Access Rule should read as follows:

From: WAN
To: LAN
Priority: <auto-generated>
Source: Any
Destination: WAN Secondary IP or X2
Service: SharePoint Server (private) Services
Action: Allow
Users Incl.: All
Users Excl.: None

Your NAT Policies should read like this:

INBOUND
Original Source: Any
Translated Source: Original
Original Destination: WAN Secondary IP or X2
Translated Destination: SharePoint Server (private)
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: <whatever you want for documentation purposes>

OUTBOUND
Original Source: SharePoint Server (private)
Translated Source: WAN Secondary IP or X2
Original Destination: Any
Translated Destination: Original
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X2
Comment: <whatever you want for documentation purposes>

LOOPBACK
Original Source: Firewalled Subnets
Translated Source: WAN Secondary IP or X2
Original Destination: WAN Secondary IP or X2
Translated Destination: SharePoint Server (private)
Original Service: SharePoint Server (private) Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Comment: <whatever you want for documentation purposes>

Try this one last time...as I said it works perfectly on my end...if it still doesn't something is either not being followed or there is an issue with your SharePoint server. Do a Packet Capture to see what is happening to the packets.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now