Solved

Sonicwall TZ 105 allow Lan to pull file from DMZ

Posted on 2014-03-28
13
629 Views
Last Modified: 2014-03-29
Have a Sonicwall TZ105 and the client needs to be able to run a batch file on the LAN side that will pull a file from the DMZ side. This is done periodically based on a task on the LAN Side computer.

What is the best way to do this
0
Comment
Question by:911bob
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 39963236
Access from LAN to DMZ is allowed. So it should work just fine without any additional configuration.
0
 

Author Comment

by:911bob
ID: 39963830
Thats what I thought.. but its not..

Everything is open from LAN to DMZ and Everything is denied from DMZ to LAN

Is there any NAT setting that has to be applied?

Trying to browse to a computer on that side using \\192.168.11.14\
0
 

Author Comment

by:911bob
ID: 39963831
If I open the DMZ>Lan for all then the DMZ can browse to the lan side
0
Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!

 
LVL 11

Expert Comment

by:Miftaul
ID: 39963837
Do you mean you want to access a lan resource from dmz. We can limit the access by selectively allowing any ip for selective services.
0
 

Author Comment

by:911bob
ID: 39963842
NO, From the LAN Side I cannot open the DMZ side
0
 

Author Comment

by:911bob
ID: 39963850
lan is 192.168.68.X

DMZ is 192.168.11.X

Trying to open \\192.168.11.14\ from LAN TO dmz

Oddly if I open everything from DMZ to LAN, then I cna ping and can open \\192.168.68\14\ from the DMZ Side.
0
 

Author Comment

by:911bob
ID: 39963858
2 03/29/2014 10:47:11.832 Notice Network Access UDP packet dropped 192.168.11.14, 137, X4 192.168.68.224, 137, X0 UDP NetBios UDP    
3 03/29/2014 10:47:09.736 Notice Network Access TCP connection dropped 192.168.11.14, 49166, X4 192.168.68.224, 445, X0 TCP SMB    
4 03/29/2014 10:38:27.832 Notice Network Access TCP connection dropped 192.168.11.14, 49371, X4 192.168.68.224, 445, X0 TCP SMB    
5 03/29/2014 10:38:14.304 Notice Network Access ICMP packet dropped due to policy 192.168.11.14, 1, X4 192.168.68.224, 8, X0 ICMP Echo, Code: 0

From log file
0
 

Author Comment

by:911bob
ID: 39963862
Well.. now it decided to start working..

Go figure..

I added an ICMP rule on the DMZ to the LAN to allow, Did a ping, and it worked..
I then turned off the ALLOW all from DMZ to LAn and it still works..

I gues patience plays a part.
0
 

Author Closing Comment

by:911bob
ID: 39963864
Thanks for your help
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963865
So the Firewall Access rule from LAN to DMZ is allowed but you can not initiatate a connection from lan to dmz, is that what you experiancing. Please allow the required type of services from lan to dmz if its not already there.

Return traffic from dmz to lan will be allowed.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963869
The log shows you are initiating the connection from dmz to lan, where it should've been the other way, init.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963900
Good that it works. Thanks.
0
 

Author Comment

by:911bob
ID: 39964020
I am fairly sure it was a windows firewall issue on the DMZ Side
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question