Solved

DNS Issue 3rd Party Software

Posted on 2013-11-12
18
331 Views
Last Modified: 2013-11-12
Good Morning-

     My company recently changed to a document/case management software. They have a module that allows attorneys to bill from their iPhones and iPads. I can't get the devices to communicate to the server from the outside. Let me explain how I set it up with guidance from the company. A standard Windows 2003 server is running the software running IIS 5.1.  An A record needed to be created in order for the devices to be able to reach the server from the outside. I can ping the server fine from the outside but the A record was created so the external IP address would resolve to a name. Lets say it's "iaim.website.com". I own "website.com" from Network Solutions as I use it for the company website as well as running Mail.website.com for Exchange.

On my Sonicwall firewall I made a one-to-one NAT so that the public is pointing to the private IP address for the server. I also created an access rule I blanked out the IPs I blanked out the IP's but on the top line I have the external address on both spaces and the bottom spaces I have the internal. I can reach the server internally as an IIS status page is returned. I am unable to reach the address iaim.website.com from the outside. I'm a little new to the DNS aspect of this so if anyone needs anymore information I'll do my best to provide it. Thank you for your time.
0
Comment
Question by:Smp351
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 2
18 Comments
 
LVL 5

Expert Comment

by:abhishek1986
ID: 39641681
What makes you believe that it is a DNS Problem?
To clarify, you can check if the name is being resolved to ip address or not. If you provide the URL, it can be checked from anywhere.
Also, what are the ports that are open for the communication?
Ping test was performed with IP Address or name of the website?
0
 

Author Comment

by:Smp351
ID: 39641698
I'm just assuming it's a DNS issue as I can't get access from the outside but you are right it might not be that.
The person I was dealing with in the company did not mention that I had to open any ports snone were open.
The ping test was performed from the company to the External IP of the server running the service which returned a result.
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 39641744
If you can provide the url, I can check the DNS issue if it is there.
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 25

Expert Comment

by:Diverse IT
ID: 39641985
Hi Smp351,

What versions is your SonicOS?

Your SonicWALL is very old...and really needs to be upgraded but beside that point it may not be capable of the configuration needed.

If you need to open ports for an application you need to create an Access Rule that reads:
Source: WAN *
Destination: WAN (your WAN Primary IP)


For the NAT policies you'd need three:
Inbound, Outbound and a Loopback (which would allow for access to the domain from within the network - if needed.)

Let me know if you have any questions!
0
 

Author Comment

by:Smp351
ID: 39642170
We are actually in the process of upgrading to a brand new sonicwall. I know for Nat Policies we do not have a loopback process option. We have a Pro 2040 Standard right now that is on SonicOS Standard 3.1.6.6-9s.

Abhishek1986 can I message you the URL? I don't know if you can on this site. I'd just rather not post it on here.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39642177
Ah, the Standard is the issue...even if you had this old unit but it the Enhanced SonicOS you'd be able to do that.

Did you change the Access Rule as set forth in my comment?

There is no direct messaging feature on EE.

Rather go to the command line in the SonicWALL or on your PC within the network and simply type the ping domain and see if it resolves.
0
 

Author Comment

by:Smp351
ID: 39642185
Alright I'll just post on here. it's <purged>. I'm going to try the Access Rule now but I'm almost positive I did what you said when I was initially setting it up when what they sent me didn't work.
0
 

Author Comment

by:Smp351
ID: 39642191
For WAN am I putting in * for both the address begin and end? Destination LAN is the private IP address correct?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39642193
You are correct. * = Any.

I get the correct IP from your URL.
0
 

Author Comment

by:Smp351
ID: 39642216
Thank you Diverseit. Yes that is the correct IP address that should resolve from the URL. So is it definitely then my Sonicwall?
0
 

Author Comment

by:Smp351
ID: 39642228
I tried your rule and when I go to the website from my mobile, I don't get the Under Construction page that I should get when I try to go to the website internally. Thank you for your help guys.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39642235
My pleasure!

I'm almost positive you can't do this due to the inherent limitations of your firewall's SonicOS (beings that it's Standard and not Enhanced).

Can you take a screenshot of your NAT Policy?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39642277
As a last resort try to match or create a new (higher priority rule) as WAN > LAN with WAN * and LAN being your WAN Primary IP.

Let me know how that goes.
0
 

Author Comment

by:Smp351
ID: 39642424
Thanks Diverseit. I've tried so many combinations. It's not letting me set it as a higher priority possibly as you said because of the OS. My NAT basically says Private range start and it has the internal address. Next line is Public Range start with the external IP. Then it has Range Length which is set to 1.
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39642525
Yeah, unfortunately this is not going to work due to the version of SonicOS you currently have. Upgrade to a newer SonicWALL and once logged in just use the Wizard link at the top right side of the page and just follow the prompts - it's the most comprehensive and best way to set this up. It will auto-create all the Access Rules, NAT Polices, Service & Address Objects needed to provide this functionality.

If you have trouble with it - add a new question and we'll take care of it for you!

Best of luck!
0
 

Author Comment

by:Smp351
ID: 39642546
Thanks Diverseit. I will try once we put in the new Sonicwall and see if it works. I appreciate all your help today.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39642577
My pleasure! I'm glad I could help...thanks for the points!
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question