Solved

DNS Issue 3rd Party Software

Posted on 2013-11-12
Last Modified: 2013-11-12
Good Morning-

My company recently changed to a document/case management software. They have a module that allows attorneys to bill from their iPhones and iPads. I can't get the devices to communicate to the server from the outside. Let me explain how I set it up with guidance from the company. A standard Windows 2003 server is running the software running IIS 5.1. An A record needed to be created in order for the devices to be able to reach the server from the outside. I can ping the server fine from the outside but the A record was created so the external IP address would resolve to a name. Let's say it's "iaim.website.com". I own "website.com" from Network Solutions as I use it for the company website as well as running Mail.website.com for Exchange.

On my Sonicwall firewall I made a one-to-one NAT so that the public is pointing to the private IP address for the server. I also created an access rule. I blanked out the IPs, but on the top line I have the external address in both spaces and in the bottom spaces I have the internal. I can reach the server internally as an IIS status page is returned. I am unable to reach the address iaim.website.com from the outside. I'm a little new to the DNS aspect of this so if anyone needs any more information I'll do my best to provide it. Thank you for your time.
0
Question by:Smp351
18 Comments
 
LVL 5

Expert Comment

by:abhishek1986
ID: 39641681
What makes you believe that it is a DNS Problem?
To clarify, you can check if the name is being resolved to an IP address or not. If you provide the URL, it can be checked from anywhere.
Also, what are the ports that are open for the communication?
Ping test was performed with IP Address or name of the website?
0
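An added example (not part of the original thread) of the check asked for above: resolve the name first, then try the TCP port, so a DNS failure is told apart from a port that the firewall drops even though ping answers. The function name `diagnose` and its injectable `resolve`/`connect` parameters are hypothetical; the demo uses a constructed local listener in place of the IIS server.

```python
import socket

def diagnose(host, port, timeout=3.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Separate 'name does not resolve' from 'port is blocked' for host:port.

    resolve/connect are injectable so the logic can be exercised offline.
    """
    try:
        infos = resolve(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"stage": "dns", "addresses": [], "ports": {},
                "verdict": f"DNS: {host} does not resolve ({exc}); check the A record"}
    addresses = sorted({info[4][0] for info in infos})
    ports = {}
    for addr in addresses:
        try:
            with connect((addr, port), timeout=timeout):
                ports[addr] = "open"
        except ConnectionRefusedError:
            ports[addr] = "refused"    # a RST came back: nothing listening, or a reject rule
        except (socket.timeout, TimeoutError):
            ports[addr] = "filtered"   # silently dropped: no access rule or NAT for this port
        except OSError as exc:
            ports[addr] = f"error: {exc}"
    if "open" in ports.values():
        verdict = "DNS and firewall path are fine; look at the application"
    elif "filtered" in ports.values():
        verdict = "DNS is fine; the TCP port is dropped on the way in (firewall rule or NAT)"
    else:
        verdict = "DNS is fine; the connection was rejected or failed (see ports)"
    return {"stage": "tcp", "addresses": addresses, "ports": ports, "verdict": verdict}

if __name__ == "__main__":
    # Constructed demo: a throwaway local listener stands in for the IIS server.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    print(diagnose("localhost", srv.getsockname()[1]))
    srv.close()
```

Run from outside the network against the public name and port 80 (or whichever port the mobile module uses); a successful ping only shows that ICMP is allowed, not that the TCP port is.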
 

Author Comment

by:Smp351
ID: 39641698
I'm just assuming it's a DNS issue as I can't get access from the outside but you are right it might not be that.
The person I was dealing with in the company did not mention that I had to open any ports so none were open.
The ping test was performed from the company to the External IP of the server running the service which returned a result.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 39641744
If you can provide the url, I can check the DNS issue if it is there.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39641985
Hi Smp351,

What version is your SonicOS?

Your SonicWALL is very old...and really needs to be upgraded but beside that point it may not be capable of the configuration needed.

If you need to open ports for an application you need to create an Access Rule that reads:
Source: WAN *
Destination: WAN (your WAN Primary IP)


For the NAT policies you'd need three:
Inbound, Outbound and a Loopback (which would allow for access to the domain from within the network - if needed.)

Let me know if you have any questions!
0
 

Author Comment

by:Smp351
ID: 39642170
We are actually in the process of upgrading to a brand new SonicWALL. I know for NAT policies we do not have a loopback process option. We have a Pro 2040 Standard right now that is on SonicOS Standard 3.1.6.6-9s.

Abhishek1986 can I message you the URL? I don't know if you can on this site. I'd just rather not post it on here.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39642177
Ah, the Standard is the issue...even if you had this old unit but with the Enhanced SonicOS you'd be able to do that.

Did you change the Access Rule as set forth in my comment?

There is no direct messaging feature on EE.

Rather go to the command line in the SonicWALL or on your PC within the network and simply type the ping domain and see if it resolves.
0
 

Author Comment

by:Smp351
ID: 39642185
Alright, I'll just post on here. It's <purged>. I'm going to try the Access Rule now but I'm almost positive I did what you said when I was initially setting it up when what they sent me didn't work.
0
 

Author Comment

by:Smp351
ID: 39642191
For WAN am I putting in * for both the address begin and end? Destination LAN is the private IP address correct?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39642193
You are correct. * = Any.

I get the correct IP from your URL.
0
 

Author Comment

by:Smp351
ID: 39642216
Thank you Diverseit. Yes that is the correct IP address that should resolve from the URL. So is it definitely then my Sonicwall?
0
 

Author Comment

by:Smp351
ID: 39642228
I tried your rule and when I go to the website from my mobile, I don't get the Under Construction page that I should get when I try to go to the website internally. Thank you for your help guys.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39642235
My pleasure!

I'm almost positive you can't do this due to the inherent limitations of your firewall's SonicOS (being that it's Standard and not Enhanced).

Can you take a screenshot of your NAT Policy?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39642277
As a last resort try to match or create a new (higher priority rule) as WAN > LAN with WAN * and LAN being your WAN Primary IP.

Let me know how that goes.
0
 

Author Comment

by:Smp351
ID: 39642424
Thanks Diverseit. I've tried so many combinations. It's not letting me set it as a higher priority possibly as you said because of the OS. My NAT basically says Private range start and it has the internal address. Next line is Public Range start with the external IP. Then it has Range Length which is set to 1.
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39642525
Yeah, unfortunately this is not going to work due to the version of SonicOS you currently have. Upgrade to a newer SonicWALL and once logged in just use the Wizard link at the top right side of the page and just follow the prompts - it's the most comprehensive and best way to set this up. It will auto-create all the Access Rules, NAT Policies, Service & Address Objects needed to provide this functionality.

If you have trouble with it - add a new question and we'll take care of it for you!

Best of luck!
0
 

Author Comment

by:Smp351
ID: 39642546
Thanks Diverseit. I will try once we put in the new Sonicwall and see if it works. I appreciate all your help today.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39642577
My pleasure! I'm glad I could help...thanks for the points!
0
