Solved

Sonicwall TZ 105 allow Lan to pull file from DMZ

Posted on 2014-03-28
13
622 Views
Last Modified: 2014-03-29
Have a Sonicwall TZ105 and the client needs to be able to run a batch file on the LAN side that will pull a file from the DMZ side. This is done periodically based on a task on the LAN Side computer.

What is the best way to do this
0
Comment
Question by:911bob
  • 8
  • 5
13 Comments
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 39963236
Access from LAN to DMZ is allowed. So it should work just fine without any additional configuration.
0
 

Author Comment

by:911bob
ID: 39963830
Thats what I thought.. but its not..

Everything is open from LAN to DMZ and Everything is denied from DMZ to LAN

Is there any NAT setting that has to be applied?

Trying to browse to a computer on that side using \\192.168.11.14\
0
 

Author Comment

by:911bob
ID: 39963831
If I open the DMZ>Lan for all then the DMZ can browse to the lan side
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 11

Expert Comment

by:Miftaul
ID: 39963837
Do you mean you want to access a lan resource from dmz. We can limit the access by selectively allowing any ip for selective services.
0
 

Author Comment

by:911bob
ID: 39963842
NO, From the LAN Side I cannot open the DMZ side
0
 

Author Comment

by:911bob
ID: 39963850
lan is 192.168.68.X

DMZ is 192.168.11.X

Trying to open \\192.168.11.14\ from LAN TO dmz

Oddly if I open everything from DMZ to LAN, then I cna ping and can open \\192.168.68\14\ from the DMZ Side.
0
 

Author Comment

by:911bob
ID: 39963858
2 03/29/2014 10:47:11.832 Notice Network Access UDP packet dropped 192.168.11.14, 137, X4 192.168.68.224, 137, X0 UDP NetBios UDP    
3 03/29/2014 10:47:09.736 Notice Network Access TCP connection dropped 192.168.11.14, 49166, X4 192.168.68.224, 445, X0 TCP SMB    
4 03/29/2014 10:38:27.832 Notice Network Access TCP connection dropped 192.168.11.14, 49371, X4 192.168.68.224, 445, X0 TCP SMB    
5 03/29/2014 10:38:14.304 Notice Network Access ICMP packet dropped due to policy 192.168.11.14, 1, X4 192.168.68.224, 8, X0 ICMP Echo, Code: 0

From log file
0
 

Author Comment

by:911bob
ID: 39963862
Well.. now it decided to start working..

Go figure..

I added an ICMP rule on the DMZ to the LAN to allow, Did a ping, and it worked..
I then turned off the ALLOW all from DMZ to LAn and it still works..

I gues patience plays a part.
0
 

Author Closing Comment

by:911bob
ID: 39963864
Thanks for your help
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963865
So the Firewall Access rule from LAN to DMZ is allowed but you can not initiatate a connection from lan to dmz, is that what you experiancing. Please allow the required type of services from lan to dmz if its not already there.

Return traffic from dmz to lan will be allowed.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963869
The log shows you are initiating the connection from dmz to lan, where it should've been the other way, init.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39963900
Good that it works. Thanks.
0
 

Author Comment

by:911bob
ID: 39964020
I am fairly sure it was a windows firewall issue on the DMZ Side
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How does VLAN work? Scenario: (please read the question) 11 121
Sonicwall routing between VPNs 5 55
No RSTP between switches 3 61
Pfsense - and other email Servers 8 42
Broadband over Power Lines Broadband over Power Lines is the technology of transmitting computer data through power lines. This method of connectivity allows the user to have access to the internet without having to rely on additional cables, suc…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question