Solved

Sonicwall TZ 210 Intranet IIS 8

Posted on 2014-04-07
10
264 Views
Last Modified: 2014-04-08
I have a LAN with Dev workstations and a 2012 Server IIS8 and Sonicwall TZ 210. I don't understand why I CAN open our web site using: www.mywebsite.com ,but cannot open it using: 168.192.68.11:80
I used the 'Wizard' to configure the NAT and objects, etc...
0
Comment
Question by:WorknHardr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39984936
Whenever you PING the public address from an external computer, it would most likely be the firewall responding to the pings, not the webserver.

As far as reaching it via the IP, is your webserver configured to serve up pages when being requested via the IP?

You used the wizard to configure NAT, did you also configure a security policy to allow inbound http traffic?
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39984937
Is 168.192.68.11 your public IP which you port forwarded to internal server.
0
 

Author Comment

by:WorknHardr
ID: 39985714
Yes, the NAT is configured to forward WAN IP 206...... to LAN IP 168.192.68.11
I'm unsure about the Security Policy settings.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Assisted Solution

by:Schuyler Dorsey
Schuyler Dorsey earned 250 total points
ID: 39986079
In addition to NAT, you have to setup a security policy in the Sonicwall ACL that will allow that traffic to come inbound.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39986088
Its called Firewall Access Rule, from WAN to LAN you need to allow http.
0
 

Author Comment

by:WorknHardr
ID: 39986434
Okay it's working now after adding this Access Rule:

     LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

and keeping these Access Rules:

    WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled
  WLAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Now we can access a web site like so: http://168.192.68.11:8082

Now we can access a Web API service like so: http://168.192.68.11:8082/api/values

I also discovered by changing our other IIS webs 'Site Bindings', we can now access each site like: http://168.192.68.11:80 or :8080, etc... and still serve Internet web pages too.

Change Hostname from: 'mycompanyweb.com' to: '' (blank)
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 250 total points
ID: 39986454
LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Its strange, by default all traffic is allowed within the zone. Can you check if Interface trust is disabled for LAN zone.

WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

This is the most important and required rule, and the wizard must have created this rule.
0
 

Author Comment

by:WorknHardr
ID: 39986541
Network -> Zones -> Zone Settings:
[Name]   [Security Type]   [Member Interfaces]   [Interface Trust]
  LAN           Trusted              X0 X3 X4 X5 X6                 Green Ck
 WAN          Untrusted           X1
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39986584
Its strange why it didnt work in the first place, interface trust is enabled. All traffic within LAN zone should've been auto enabled.

Great that its working now.
0
 

Author Closing Comment

by:WorknHardr
ID: 39986682
Yes, Interface trust & NAT, thx everyone ;)
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question