Avatar of kzsigo
kzsigo asked on

Sonicwall NSA 3500 - public server wizard results in dropped packets

I have a sonicwall NSA 3500 sitting at a collocation center.
x0, Lan, 10.1.22.64/24, sits on lan vlan
x1, Wan, 75.75.210.234/24, sits on wan vlan
x2, Dmz, bridged x1, sits on dmz vlan (works fine)

I have a private server,  10.1.22.48 that I want to redirect 75.75.210.227 port 80, 443 requests to.  I've used the public server wizard and it only results in Drop Code 32 Module Id 26 in packet monitor.  I cannot for the life of me get these requests to be accepted and translated.

I have a similar configuration that I used public server to setup for 75.75.210.234->10.1.22.11 and it works great.  Just this new public + private IP do not work.  The private server is accepting requests on both ports.

I have an email server with a public IP on the DMZ vlan that works fine too, although it isn't using public server wizard settings, just firewall rules to allow the traffic through.
Network Management

Avatar of undefined
Last Comment
Miftaul H

8/22/2022 - Mon
Miftaul H

What is the SonicOS version.

You have /24 address for WAN, wow.
ASKER CERTIFIED SOLUTION
lruiz52

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
kzsigo

I tried deleting all of the wizard rules, address objects, and setting them up manually but it did not take, same result.  

I saw the names behind the codes document, but I don't know how to solve the connection cache issue.  It's not the standard firewall blocked rule.  

I changed my DMZ X2 to Transparent mode, and my public servers all of a sudden work; I don't get the drop code, and the packets are forwarded/natted, even load balanced.  

However, now the server that is on the DMZ cannot communicate out X1 (originating from X2).   I'll ask a new question for that.  Thanks.
Miftaul H

Please inform the SonicOS firmware version with your question.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck