[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Sonicwall TZ 210 Intranet IIS 8

Posted on 2014-04-07
10
Medium Priority
?
267 Views
Last Modified: 2014-04-08
I have a LAN with Dev workstations and a 2012 Server IIS8 and Sonicwall TZ 210. I don't understand why I CAN open our web site using: www.mywebsite.com ,but cannot open it using: 168.192.68.11:80
I used the 'Wizard' to configure the NAT and objects, etc...
0
Comment
Question by:WorknHardr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39984936
Whenever you PING the public address from an external computer, it would most likely be the firewall responding to the pings, not the webserver.

As far as reaching it via the IP, is your webserver configured to serve up pages when being requested via the IP?

You used the wizard to configure NAT, did you also configure a security policy to allow inbound http traffic?
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39984937
Is 168.192.68.11 your public IP which you port forwarded to internal server.
0
 

Author Comment

by:WorknHardr
ID: 39985714
Yes, the NAT is configured to forward WAN IP 206...... to LAN IP 168.192.68.11
I'm unsure about the Security Policy settings.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Assisted Solution

by:Schuyler Dorsey
Schuyler Dorsey earned 1000 total points
ID: 39986079
In addition to NAT, you have to setup a security policy in the Sonicwall ACL that will allow that traffic to come inbound.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39986088
Its called Firewall Access Rule, from WAN to LAN you need to allow http.
0
 

Author Comment

by:WorknHardr
ID: 39986434
Okay it's working now after adding this Access Rule:

     LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

and keeping these Access Rules:

    WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled
  WLAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Now we can access a web site like so: http://168.192.68.11:8082

Now we can access a Web API service like so: http://168.192.68.11:8082/api/values

I also discovered by changing our other IIS webs 'Site Bindings', we can now access each site like: http://168.192.68.11:80 or :8080, etc... and still serve Internet web pages too.

Change Hostname from: 'mycompanyweb.com' to: '' (blank)
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 1000 total points
ID: 39986454
LAN    >    LAN    Any    'LAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

Its strange, by default all traffic is allowed within the zone. Can you check if Interface trust is disabled for LAN zone.

WAN    >    LAN    Any    'WAN Interface IP'    'WebSvr11 Services'   Allow   All   Enabled

This is the most important and required rule, and the wizard must have created this rule.
0
 

Author Comment

by:WorknHardr
ID: 39986541
Network -> Zones -> Zone Settings:
[Name]   [Security Type]   [Member Interfaces]   [Interface Trust]
  LAN           Trusted              X0 X3 X4 X5 X6                 Green Ck
 WAN          Untrusted           X1
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39986584
Its strange why it didnt work in the first place, interface trust is enabled. All traffic within LAN zone should've been auto enabled.

Great that its working now.
0
 

Author Closing Comment

by:WorknHardr
ID: 39986682
Yes, Interface trust & NAT, thx everyone ;)
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question