911bob
asked on
Sonicwall TZ 105 allow Lan to pull file from DMZ
Have a Sonicwall TZ105 and the client needs to be able to run a batch file on the LAN side that will pull a file from the DMZ side. This is done periodically based on a task on the LAN Side computer.
What is the best way to do this?
ASKER
If I open the DMZ>Lan for all then the DMZ can browse to the lan side
Do you mean you want to access a LAN resource from the DMZ? We can limit the access by selectively allowing any IP for selective services.
ASKER
NO, From the LAN Side I cannot open the DMZ side
ASKER
lan is 192.168.68.X
DMZ is 192.168.11.X
Trying to open \\192.168.11.14\ from LAN TO dmz
Oddly, if I open everything from DMZ to LAN, then I can ping and can open \\192.168.68\14\ from the DMZ side.
ASKER
2 03/29/2014 10:47:11.832 Notice Network Access UDP packet dropped 192.168.11.14, 137, X4 192.168.68.224, 137, X0 UDP NetBios UDP
3 03/29/2014 10:47:09.736 Notice Network Access TCP connection dropped 192.168.11.14, 49166, X4 192.168.68.224, 445, X0 TCP SMB
4 03/29/2014 10:38:27.832 Notice Network Access TCP connection dropped 192.168.11.14, 49371, X4 192.168.68.224, 445, X0 TCP SMB
5 03/29/2014 10:38:14.304 Notice Network Access ICMP packet dropped due to policy 192.168.11.14, 1, X4 192.168.68.224, 8, X0 ICMP Echo, Code: 0
From log file
ASKER
Well.. now it decided to start working..
Go figure..
I added an ICMP rule on the DMZ to the LAN to allow, did a ping, and it worked..
I then turned off the ALLOW all from DMZ to LAN and it still works..
I guess patience plays a part.
ASKER
Thanks for your help
So the firewall access rule from LAN to DMZ is allowed, but you cannot initiate a connection from LAN to DMZ; is that what you are experiencing? Please allow the required type of services from LAN to DMZ if it's not already there.
Return traffic from dmz to lan will be allowed.
The log shows you are initiating the connection from dmz to lan, where it should've been the other way, init.
Good that it works. Thanks.
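The direction check made on the log above can be automated. This is an added example, not part of the original thread: it parses the dropped-traffic lines posted by the asker and reports which zone initiated each one. The /24 prefix lengths and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Subnets as given in the thread; the /24 prefix length is an assumption.
ZONES = {"LAN": ipaddress.ip_network("192.168.68.0/24"),
         "DMZ": ipaddress.ip_network("192.168.11.0/24")}

# Log lines copied from the asker's post.
SAMPLE_LOG = """\
2 03/29/2014 10:47:11.832 Notice Network Access UDP packet dropped 192.168.11.14, 137, X4 192.168.68.224, 137, X0 UDP NetBios UDP
3 03/29/2014 10:47:09.736 Notice Network Access TCP connection dropped 192.168.11.14, 49166, X4 192.168.68.224, 445, X0 TCP SMB
4 03/29/2014 10:38:27.832 Notice Network Access TCP connection dropped 192.168.11.14, 49371, X4 192.168.68.224, 445, X0 TCP SMB
5 03/29/2014 10:38:14.304 Notice Network Access ICMP packet dropped due to policy 192.168.11.14, 1, X4 192.168.68.224, 8, X0 ICMP Echo, Code: 0
"""

# index, date, time, priority, message, then "ip, port, iface" for source
# and destination, then the service notes.
LINE_RE = re.compile(
    r"^\d+\s+\S+\s+\S+\s+(?P<priority>\w+)\s+(?P<message>.+?)\s+"
    r"(?P<src>\d+(?:\.\d+){3}),\s*(?P<sport>\d+),\s*(?P<sif>X\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3}),\s*(?P<dport>\d+),\s*(?P<dif>X\d+)\s+"
    r"(?P<notes>.*)$")

def zone_of(ip):
    """Map an address to the zone name it belongs to, or OTHER."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "OTHER")

def parse_line(line):
    """Return the fields of one log line plus the initiating direction."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["direction"] = f"{zone_of(rec['src'])}->{zone_of(rec['dst'])}"
    return rec

def dropped_by_direction(log_text):
    """Count dropped packets/connections per (direction, service notes)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "dropped" in rec["message"]:
            counts[(rec["direction"], rec["notes"])] += 1
    return counts

if __name__ == "__main__":
    for (direction, notes), n in sorted(dropped_by_direction(SAMPLE_LOG).items()):
        print(f"{n} x {direction}  {notes}")
```

Every drop in the sample is classified as DMZ->LAN, so none of these entries concern a connection initiated from the LAN side.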
ASKER
I am fairly sure it was a Windows firewall issue on the DMZ side
ASKER
Everything is open from LAN to DMZ and Everything is denied from DMZ to LAN
Is there any NAT setting that has to be applied?
Trying to browse to a computer on that side using \\192.168.11.14\