Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 268
  • Last Modified:

Sonicwall TZ 210 Intranet IIS 8

I have a LAN with Dev workstations and a 2012 Server IIS8 and Sonicwall TZ 210. I don't understand why I CAN open our web site using: www.mywebsite.com ,but cannot open it using: 168.192.68.11:80
I used the 'Wizard' to configure the NAT and objects, etc...
0
WorknHardr
Asked:
WorknHardr
  • 4
  • 4
  • 2
2 Solutions
 
Schuyler DorseyCommented:
Whenever you PING the public address from an external computer, it would most likely be the firewall responding to the pings, not the webserver.

As far as reaching it via the IP, is your webserver configured to serve up pages when being requested via the IP?

You used the wizard to configure NAT, did you also configure a security policy to allow inbound http traffic?
0
 
MiftaulCommented:
Is 168.192.68.11 your public IP which you port forwarded to internal server.
0
 
WorknHardrAuthor Commented:
Yes, the NAT is configured to forward WAN IP 206...... to LAN IP 168.192.68.11
I'm unsure about the Security Policy settings.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Schuyler DorseyCommented:
In addition to NAT, you have to setup a security policy in the Sonicwall ACL that will allow that traffic to come inbound.
0
 
MiftaulCommented:
Its called Firewall Access Rule, from WAN to LAN you need to allow http.
0
 
WorknHardrAuthor Commented:
Okay it's working now after adding this Access Rule:

     LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

and keeping these Access Rules:

    WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled
  WLAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Now we can access a web site like so: http://168.192.68.11:8082

Now we can access a Web API service like so: http://168.192.68.11:8082/api/values

I also discovered by changing our other IIS webs 'Site Bindings', we can now access each site like: http://168.192.68.11:80 or :8080, etc... and still serve Internet web pages too.

Change Hostname from: 'mycompanyweb.com' to: '' (blank)
0
 
MiftaulCommented:
LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Its strange, by default all traffic is allowed within the zone. Can you check if Interface trust is disabled for LAN zone.

WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

This is the most important and required rule, and the wizard must have created this rule.
0
 
WorknHardrAuthor Commented:
Network -> Zones -> Zone Settings:
[Name]   [Security Type]   [Member Interfaces]   [Interface Trust]
  LAN           Trusted              X0 X3 X4 X5 X6                 Green Ck
 WAN          Untrusted           X1
0
 
MiftaulCommented:
Its strange why it didnt work in the first place, interface trust is enabled. All traffic within LAN zone should've been auto enabled.

Great that its working now.
0
 
WorknHardrAuthor Commented:
Yes, Interface trust & NAT, thx everyone ;)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now