Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

DNS Issue 3rd Party Software

Good Morning-

     My company recently changed to a document/case management software. They have a module that allows attorneys to bill from their iPhones and iPads. I can't get the devices to communicate to the server from the outside. Let me explain how I set it up with guidance from the company. A standard Windows 2003 server is running the software running IIS 5.1.  An A record needed to be created in order for the devices to be able to reach the server from the outside. I can ping the server fine from the outside but the A record was created so the external IP address would resolve to a name. Lets say it's "iaim.website.com". I own "website.com" from Network Solutions as I use it for the company website as well as running Mail.website.com for Exchange.

On my Sonicwall firewall I made a one-to-one NAT so that the public is pointing to the private IP address for the server. I also created an access rule I blanked out the IPs I blanked out the IP's but on the top line I have the external address on both spaces and the bottom spaces I have the internal. I can reach the server internally as an IIS status page is returned. I am unable to reach the address iaim.website.com from the outside. I'm a little new to the DNS aspect of this so if anyone needs anymore information I'll do my best to provide it. Thank you for your time.
0
Smp351
Asked:
Smp351
  • 8
  • 7
  • 2
1 Solution
 
abhishek1986Commented:
What makes you believe that it is a DNS Problem?
To clarify, you can check if the name is being resolved to ip address or not. If you provide the URL, it can be checked from anywhere.
Also, what are the ports that are open for the communication?
Ping test was performed with IP Address or name of the website?
0
 
Smp351Author Commented:
I'm just assuming it's a DNS issue as I can't get access from the outside but you are right it might not be that.
The person I was dealing with in the company did not mention that I had to open any ports snone were open.
The ping test was performed from the company to the External IP of the server running the service which returned a result.
0
 
abhishek1986Commented:
If you can provide the url, I can check the DNS issue if it is there.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
Blue Street TechLast KnightsCommented:
Hi Smp351,

What versions is your SonicOS?

Your SonicWALL is very old...and really needs to be upgraded but beside that point it may not be capable of the configuration needed.

If you need to open ports for an application you need to create an Access Rule that reads:
Source: WAN *
Destination: WAN (your WAN Primary IP)


For the NAT policies you'd need three:
Inbound, Outbound and a Loopback (which would allow for access to the domain from within the network - if needed.)

Let me know if you have any questions!
0
 
Smp351Author Commented:
We are actually in the process of upgrading to a brand new sonicwall. I know for Nat Policies we do not have a loopback process option. We have a Pro 2040 Standard right now that is on SonicOS Standard 3.1.6.6-9s.

Abhishek1986 can I message you the URL? I don't know if you can on this site. I'd just rather not post it on here.
0
 
Blue Street TechLast KnightsCommented:
Ah, the Standard is the issue...even if you had this old unit but it the Enhanced SonicOS you'd be able to do that.

Did you change the Access Rule as set forth in my comment?

There is no direct messaging feature on EE.

Rather go to the command line in the SonicWALL or on your PC within the network and simply type the ping domain and see if it resolves.
0
 
Smp351Author Commented:
Alright I'll just post on here. it's <purged>. I'm going to try the Access Rule now but I'm almost positive I did what you said when I was initially setting it up when what they sent me didn't work.
0
 
Smp351Author Commented:
For WAN am I putting in * for both the address begin and end? Destination LAN is the private IP address correct?
0
 
Blue Street TechLast KnightsCommented:
You are correct. * = Any.

I get the correct IP from your URL.
0
 
Smp351Author Commented:
Thank you Diverseit. Yes that is the correct IP address that should resolve from the URL. So is it definitely then my Sonicwall?
0
 
Smp351Author Commented:
I tried your rule and when I go to the website from my mobile, I don't get the Under Construction page that I should get when I try to go to the website internally. Thank you for your help guys.
0
 
Blue Street TechLast KnightsCommented:
My pleasure!

I'm almost positive you can't do this due to the inherent limitations of your firewall's SonicOS (beings that it's Standard and not Enhanced).

Can you take a screenshot of your NAT Policy?
0
 
Blue Street TechLast KnightsCommented:
As a last resort try to match or create a new (higher priority rule) as WAN > LAN with WAN * and LAN being your WAN Primary IP.

Let me know how that goes.
0
 
Smp351Author Commented:
Thanks Diverseit. I've tried so many combinations. It's not letting me set it as a higher priority possibly as you said because of the OS. My NAT basically says Private range start and it has the internal address. Next line is Public Range start with the external IP. Then it has Range Length which is set to 1.
0
 
Blue Street TechLast KnightsCommented:
Yeah, unfortunately this is not going to work due to the version of SonicOS you currently have. Upgrade to a newer SonicWALL and once logged in just use the Wizard link at the top right side of the page and just follow the prompts - it's the most comprehensive and best way to set this up. It will auto-create all the Access Rules, NAT Polices, Service & Address Objects needed to provide this functionality.

If you have trouble with it - add a new question and we'll take care of it for you!

Best of luck!
0
 
Smp351Author Commented:
Thanks Diverseit. I will try once we put in the new Sonicwall and see if it works. I appreciate all your help today.
0
 
Blue Street TechLast KnightsCommented:
My pleasure! I'm glad I could help...thanks for the points!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 8
  • 7
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now