Sonicwall TZ 210 Intranet IIS 8

I have a LAN with Dev workstations and a 2012 Server IIS8 and Sonicwall TZ 210. I don't understand why I CAN open our web site using: www.mywebsite.com ,but cannot open it using: 168.192.68.11:80
I used the 'Wizard' to configure the NAT and objects, etc...
WorknHardrAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
MiftaulConnect With a Mentor Commented:
LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Its strange, by default all traffic is allowed within the zone. Can you check if Interface trust is disabled for LAN zone.

WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

This is the most important and required rule, and the wizard must have created this rule.
0
 
Schuyler DorseyCommented:
Whenever you PING the public address from an external computer, it would most likely be the firewall responding to the pings, not the webserver.

As far as reaching it via the IP, is your webserver configured to serve up pages when being requested via the IP?

You used the wizard to configure NAT, did you also configure a security policy to allow inbound http traffic?
0
 
MiftaulCommented:
Is 168.192.68.11 your public IP which you port forwarded to internal server.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
WorknHardrAuthor Commented:
Yes, the NAT is configured to forward WAN IP 206...... to LAN IP 168.192.68.11
I'm unsure about the Security Policy settings.
0
 
Schuyler DorseyConnect With a Mentor Commented:
In addition to NAT, you have to setup a security policy in the Sonicwall ACL that will allow that traffic to come inbound.
0
 
MiftaulCommented:
Its called Firewall Access Rule, from WAN to LAN you need to allow http.
0
 
WorknHardrAuthor Commented:
Okay it's working now after adding this Access Rule:

     LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

and keeping these Access Rules:

    WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled
  WLAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Now we can access a web site like so: http://168.192.68.11:8082

Now we can access a Web API service like so: http://168.192.68.11:8082/api/values

I also discovered by changing our other IIS webs 'Site Bindings', we can now access each site like: http://168.192.68.11:80 or :8080, etc... and still serve Internet web pages too.

Change Hostname from: 'mycompanyweb.com' to: '' (blank)
0
 
WorknHardrAuthor Commented:
Network -> Zones -> Zone Settings:
[Name]   [Security Type]   [Member Interfaces]   [Interface Trust]
  LAN           Trusted              X0 X3 X4 X5 X6                 Green Ck
 WAN          Untrusted           X1
0
 
MiftaulCommented:
Its strange why it didnt work in the first place, interface trust is enabled. All traffic within LAN zone should've been auto enabled.

Great that its working now.
0
 
WorknHardrAuthor Commented:
Yes, Interface trust & NAT, thx everyone ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.