Sonicwall NSA 3500 - public server wizard results in dropped packets

I have a sonicwall NSA 3500 sitting at a collocation center.
x0, Lan, 10.1.22.64/24, sits on lan vlan
x1, Wan, 75.75.210.234/24, sits on wan vlan
x2, Dmz, bridged x1, sits on dmz vlan (works fine)

I have a private server,  10.1.22.48 that I want to redirect 75.75.210.227 port 80, 443 requests to.  I've used the public server wizard and it only results in Drop Code 32 Module Id 26 in packet monitor.  I cannot for the life of me get these requests to be accepted and translated.

I have a similar configuration that I used public server to setup for 75.75.210.234->10.1.22.11 and it works great.  Just this new public + private IP do not work.  The private server is accepting requests on both ports.

I have an email server with a public IP on the DMZ vlan that works fine too, although it isn't using public server wizard settings, just firewall rules to allow the traffic through.
kzsigoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MiftaulCommented:
What is the SonicOS version.

You have /24 address for WAN, wow.
lruiz52Commented:
Don't use the wizard and try to do it manually, first create network objects for servers external and internal addresses, then create a 1-to-1 nat policy for incoming traffic, then create an access rule for incoming top 80 and 443 traffic.

Check the link below for how to

http://www.firewalls.com/blog/sonicwall-open-ports/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MiftaulCommented:
The meaning of SonicWall Dropcode and Module ID varies with firmware version. On SonicOS Enhanced 5.8.1.9-43o, Drop Code 32 means "Invalid connection cache", Module Id 26 means Network.

"Drop Code 32 Module Id 26" relates to dropped SSH/HTTPS session.

For more information on Drop Code and Module ID on SonicOS - Here

Sonicwall support documentation on port forwarding - Here
kzsigoAuthor Commented:
I tried deleting all of the wizard rules, address objects, and setting them up manually but it did not take, same result.  

I saw the names behind the codes document, but I don't know how to solve the connection cache issue.  It's not the standard firewall blocked rule.  

I changed my DMZ X2 to Transparent mode, and my public servers all of a sudden work; I don't get the drop code, and the packets are forwarded/natted, even load balanced.  

However, now the server that is on the DMZ cannot communicate out X1 (originating from X2).   I'll ask a new question for that.  Thanks.
MiftaulCommented:
Please inform the SonicOS firmware version with your question.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.