Solved

Sonicwall TZ215 nat policy

Posted on 2014-03-21
8
803 Views
Last Modified: 2014-03-28
I put in a new sonicwall and the wan static ip is set and the lan ip is set and working.  We have several servers on the opt network.  We are able to get out to the internet on the opt network.  We are having trouble getting packets back in the opt network.

I can see in the logs that rdp, ping, and the software that tries to connect to the ip addresses on the opt network are being blocked.

Any suggestions on the policy I need to get the wan to talk to the opt network would be excellent.
0
Comment
Question by:cnesupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39947388
run the wizard on each server, this will open up the ports you need to each server IP.

the wizard is in the top right corner
0
 

Author Comment

by:cnesupport
ID: 39947390
Tried that but it isn't just simple port forwarding that needs to be done.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39947433
create service objects for the ports you need opened and apply those to the service group used in the nat policies that was created when you ran the wizard.

you may also need to adjust your IDS policy for the opt network, it may be set to block low level threats (icmp, etc)

i would not expose rdp directly on a public ip - use a vpn connection instead
0
Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

 
LVL 1

Expert Comment

by:ZTeck
ID: 39949282
Have you tried to convert the OPT port as a DMZ zone? The, tried again. It maybe simple but can be over looked.
0
 

Accepted Solution

by:
cnesupport earned 0 total points
ID: 39949292
Got the issue resolved. I had to create a bunch of custom nat policies and route statements.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39951084
Did my answer not direct you to your solution?  an assist would have been appropriate....
0
 

Author Comment

by:cnesupport
ID: 39951106
I had the issue resolved before you posted that.  I just had not been back here to post about it.  Also I had to manually create everything the wizard did not create the policies I needed in this instance.
0
 

Author Closing Comment

by:cnesupport
ID: 39961066
Found solution on my own.
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question