Sonicwall NSA 3500 - public server wizard results in dropped packets

I have a sonicwall NSA 3500 sitting at a collocation center.
x0, Lan, 10.1.22.64/24, sits on lan vlan
x1, Wan, 75.75.210.234/24, sits on wan vlan
x2, Dmz, bridged x1, sits on dmz vlan (works fine)

I have a private server,  10.1.22.48 that I want to redirect 75.75.210.227 port 80, 443 requests to.  I've used the public server wizard and it only results in Drop Code 32 Module Id 26 in packet monitor.  I cannot for the life of me get these requests to be accepted and translated.

I have a similar configuration that I used public server to setup for 75.75.210.234->10.1.22.11 and it works great.  Just this new public + private IP do not work.  The private server is accepting requests on both ports.

I have an email server with a public IP on the DMZ vlan that works fine too, although it isn't using public server wizard settings, just firewall rules to allow the traffic through.
kzsigoAsked:
Who is Participating?
 
lruiz52Connect With a Mentor Commented:
Don't use the wizard and try to do it manually, first create network objects for servers external and internal addresses, then create a 1-to-1 nat policy for incoming traffic, then create an access rule for incoming top 80 and 443 traffic.

Check the link below for how to

http://www.firewalls.com/blog/sonicwall-open-ports/
0
 
MiftaulCommented:
What is the SonicOS version.

You have /24 address for WAN, wow.
0
 
MiftaulConnect With a Mentor Commented:
The meaning of SonicWall Dropcode and Module ID varies with firmware version. On SonicOS Enhanced 5.8.1.9-43o, Drop Code 32 means "Invalid connection cache", Module Id 26 means Network.

"Drop Code 32 Module Id 26" relates to dropped SSH/HTTPS session.

For more information on Drop Code and Module ID on SonicOS - Here

Sonicwall support documentation on port forwarding - Here
0
 
kzsigoAuthor Commented:
I tried deleting all of the wizard rules, address objects, and setting them up manually but it did not take, same result.  

I saw the names behind the codes document, but I don't know how to solve the connection cache issue.  It's not the standard firewall blocked rule.  

I changed my DMZ X2 to Transparent mode, and my public servers all of a sudden work; I don't get the drop code, and the packets are forwarded/natted, even load balanced.  

However, now the server that is on the DMZ cannot communicate out X1 (originating from X2).   I'll ask a new question for that.  Thanks.
0
 
MiftaulCommented:
Please inform the SonicOS firmware version with your question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.