Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS Issue 3rd Party Software

Posted on 2013-11-12
18
Medium Priority
?
332 Views
Last Modified: 2013-11-12
Good Morning-

     My company recently changed to a document/case management software. They have a module that allows attorneys to bill from their iPhones and iPads. I can't get the devices to communicate to the server from the outside. Let me explain how I set it up with guidance from the company. A standard Windows 2003 server is running the software running IIS 5.1.  An A record needed to be created in order for the devices to be able to reach the server from the outside. I can ping the server fine from the outside but the A record was created so the external IP address would resolve to a name. Lets say it's "iaim.website.com". I own "website.com" from Network Solutions as I use it for the company website as well as running Mail.website.com for Exchange.

On my Sonicwall firewall I made a one-to-one NAT so that the public is pointing to the private IP address for the server. I also created an access rule I blanked out the IPs I blanked out the IP's but on the top line I have the external address on both spaces and the bottom spaces I have the internal. I can reach the server internally as an IIS status page is returned. I am unable to reach the address iaim.website.com from the outside. I'm a little new to the DNS aspect of this so if anyone needs anymore information I'll do my best to provide it. Thank you for your time.
0
Comment
Question by:Smp351
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 2
18 Comments
 
LVL 5

Expert Comment

by:abhishek1986
ID: 39641681
What makes you believe that it is a DNS Problem?
To clarify, you can check if the name is being resolved to ip address or not. If you provide the URL, it can be checked from anywhere.
Also, what are the ports that are open for the communication?
Ping test was performed with IP Address or name of the website?
0
 

Author Comment

by:Smp351
ID: 39641698
I'm just assuming it's a DNS issue as I can't get access from the outside but you are right it might not be that.
The person I was dealing with in the company did not mention that I had to open any ports snone were open.
The ping test was performed from the company to the External IP of the server running the service which returned a result.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 39641744
If you can provide the url, I can check the DNS issue if it is there.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39641985
Hi Smp351,

What versions is your SonicOS?

Your SonicWALL is very old...and really needs to be upgraded but beside that point it may not be capable of the configuration needed.

If you need to open ports for an application you need to create an Access Rule that reads:
Source: WAN *
Destination: WAN (your WAN Primary IP)


For the NAT policies you'd need three:
Inbound, Outbound and a Loopback (which would allow for access to the domain from within the network - if needed.)

Let me know if you have any questions!
0
 

Author Comment

by:Smp351
ID: 39642170
We are actually in the process of upgrading to a brand new sonicwall. I know for Nat Policies we do not have a loopback process option. We have a Pro 2040 Standard right now that is on SonicOS Standard 3.1.6.6-9s.

Abhishek1986 can I message you the URL? I don't know if you can on this site. I'd just rather not post it on here.
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39642177
Ah, the Standard is the issue...even if you had this old unit but it the Enhanced SonicOS you'd be able to do that.

Did you change the Access Rule as set forth in my comment?

There is no direct messaging feature on EE.

Rather go to the command line in the SonicWALL or on your PC within the network and simply type the ping domain and see if it resolves.
0
 

Author Comment

by:Smp351
ID: 39642185
Alright I'll just post on here. it's <purged>. I'm going to try the Access Rule now but I'm almost positive I did what you said when I was initially setting it up when what they sent me didn't work.
0
 

Author Comment

by:Smp351
ID: 39642191
For WAN am I putting in * for both the address begin and end? Destination LAN is the private IP address correct?
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39642193
You are correct. * = Any.

I get the correct IP from your URL.
0
 

Author Comment

by:Smp351
ID: 39642216
Thank you Diverseit. Yes that is the correct IP address that should resolve from the URL. So is it definitely then my Sonicwall?
0
 

Author Comment

by:Smp351
ID: 39642228
I tried your rule and when I go to the website from my mobile, I don't get the Under Construction page that I should get when I try to go to the website internally. Thank you for your help guys.
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39642235
My pleasure!

I'm almost positive you can't do this due to the inherent limitations of your firewall's SonicOS (beings that it's Standard and not Enhanced).

Can you take a screenshot of your NAT Policy?
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39642277
As a last resort try to match or create a new (higher priority rule) as WAN > LAN with WAN * and LAN being your WAN Primary IP.

Let me know how that goes.
0
 

Author Comment

by:Smp351
ID: 39642424
Thanks Diverseit. I've tried so many combinations. It's not letting me set it as a higher priority possibly as you said because of the OS. My NAT basically says Private range start and it has the internal address. Next line is Public Range start with the external IP. Then it has Range Length which is set to 1.
0
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39642525
Yeah, unfortunately this is not going to work due to the version of SonicOS you currently have. Upgrade to a newer SonicWALL and once logged in just use the Wizard link at the top right side of the page and just follow the prompts - it's the most comprehensive and best way to set this up. It will auto-create all the Access Rules, NAT Polices, Service & Address Objects needed to provide this functionality.

If you have trouble with it - add a new question and we'll take care of it for you!

Best of luck!
0
 

Author Comment

by:Smp351
ID: 39642546
Thanks Diverseit. I will try once we put in the new Sonicwall and see if it works. I appreciate all your help today.
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39642577
My pleasure! I'm glad I could help...thanks for the points!
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question