Sonicwall TZ 210 Intranet IIS 8

I have a LAN with Dev workstations and a 2012 Server IIS8 and Sonicwall TZ 210. I don't understand why I CAN open our web site using: www.mywebsite.com ,but cannot open it using: 168.192.68.11:80
I used the 'Wizard' to configure the NAT and objects, etc...
WorknHardrAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
MiftaulConnect With a Mentor Commented:
LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Its strange, by default all traffic is allowed within the zone. Can you check if Interface trust is disabled for LAN zone.

WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

This is the most important and required rule, and the wizard must have created this rule.
0
 
Schuyler DorseyCommented:
Whenever you PING the public address from an external computer, it would most likely be the firewall responding to the pings, not the webserver.

As far as reaching it via the IP, is your webserver configured to serve up pages when being requested via the IP?

You used the wizard to configure NAT, did you also configure a security policy to allow inbound http traffic?
0
 
MiftaulCommented:
Is 168.192.68.11 your public IP which you port forwarded to internal server.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
WorknHardrAuthor Commented:
Yes, the NAT is configured to forward WAN IP 206...... to LAN IP 168.192.68.11
I'm unsure about the Security Policy settings.
0
 
Schuyler DorseyConnect With a Mentor Commented:
In addition to NAT, you have to setup a security policy in the Sonicwall ACL that will allow that traffic to come inbound.
0
 
MiftaulCommented:
Its called Firewall Access Rule, from WAN to LAN you need to allow http.
0
 
WorknHardrAuthor Commented:
Okay it's working now after adding this Access Rule:

     LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

and keeping these Access Rules:

    WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled
  WLAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Now we can access a web site like so: http://168.192.68.11:8082

Now we can access a Web API service like so: http://168.192.68.11:8082/api/values

I also discovered by changing our other IIS webs 'Site Bindings', we can now access each site like: http://168.192.68.11:80 or :8080, etc... and still serve Internet web pages too.

Change Hostname from: 'mycompanyweb.com' to: '' (blank)
0
 
WorknHardrAuthor Commented:
Network -> Zones -> Zone Settings:
[Name]   [Security Type]   [Member Interfaces]   [Interface Trust]
  LAN           Trusted              X0 X3 X4 X5 X6                 Green Ck
 WAN          Untrusted           X1
0
 
MiftaulCommented:
Its strange why it didnt work in the first place, interface trust is enabled. All traffic within LAN zone should've been auto enabled.

Great that its working now.
0
 
WorknHardrAuthor Commented:
Yes, Interface trust & NAT, thx everyone ;)
0
All Courses

From novice to tech pro — start learning today.