Solved

Sonicwall TZ 105 allow Lan to pull file from DMZ

Posted on 2014-03-28
13
634 Views
Last Modified: 2014-03-29
Have a Sonicwall TZ105 and the client needs to be able to run a batch file on the LAN side that will pull a file from the DMZ side. This is done periodically based on a task on the LAN Side computer.

What is the best way to do this
0
Comment
Question by:911bob
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 39963236
Access from LAN to DMZ is allowed. So it should work just fine without any additional configuration.
0
 

Author Comment

by:911bob
ID: 39963830
Thats what I thought.. but its not..

Everything is open from LAN to DMZ and Everything is denied from DMZ to LAN

Is there any NAT setting that has to be applied?

Trying to browse to a computer on that side using \\192.168.11.14\
0
 

Author Comment

by:911bob
ID: 39963831
If I open the DMZ>Lan for all then the DMZ can browse to the lan side
0
Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

 
LVL 11

Expert Comment

by:Miftaul
ID: 39963837
Do you mean you want to access a lan resource from dmz. We can limit the access by selectively allowing any ip for selective services.
0
 

Author Comment

by:911bob
ID: 39963842
NO, From the LAN Side I cannot open the DMZ side
0
 

Author Comment

by:911bob
ID: 39963850
lan is 192.168.68.X

DMZ is 192.168.11.X

Trying to open \\192.168.11.14\ from LAN TO dmz

Oddly if I open everything from DMZ to LAN, then I cna ping and can open \\192.168.68\14\ from the DMZ Side.
0
 

Author Comment

by:911bob
ID: 39963858
2 03/29/2014 10:47:11.832 Notice Network Access UDP packet dropped 192.168.11.14, 137, X4 192.168.68.224, 137, X0 UDP NetBios UDP    
3 03/29/2014 10:47:09.736 Notice Network Access TCP connection dropped 192.168.11.14, 49166, X4 192.168.68.224, 445, X0 TCP SMB    
4 03/29/2014 10:38:27.832 Notice Network Access TCP connection dropped 192.168.11.14, 49371, X4 192.168.68.224, 445, X0 TCP SMB    
5 03/29/2014 10:38:14.304 Notice Network Access ICMP packet dropped due to policy 192.168.11.14, 1, X4 192.168.68.224, 8, X0 ICMP Echo, Code: 0

From log file
0
 

Author Comment

by:911bob
ID: 39963862
Well.. now it decided to start working..

Go figure..

I added an ICMP rule on the DMZ to the LAN to allow, Did a ping, and it worked..
I then turned off the ALLOW all from DMZ to LAn and it still works..

I gues patience plays a part.
0
 

Author Closing Comment

by:911bob
ID: 39963864
Thanks for your help
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963865
So the Firewall Access rule from LAN to DMZ is allowed but you can not initiatate a connection from lan to dmz, is that what you experiancing. Please allow the required type of services from lan to dmz if its not already there.

Return traffic from dmz to lan will be allowed.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963869
The log shows you are initiating the connection from dmz to lan, where it should've been the other way, init.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963900
Good that it works. Thanks.
0
 

Author Comment

by:911bob
ID: 39964020
I am fairly sure it was a windows firewall issue on the DMZ Side
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question