Solved

SonicWALL Loopback NAT Policy

Posted on 2014-11-25
Last Modified: 2015-08-25
Hi, I have started to configure my new NSA 2600 and I have a question about the Loopback NAT Policy and firewalled subnets.

I have set up the following NAT Policy, but the firewalled subnets group doesn't appear to list any of my subnets, only my two LAN interfaces.

When I try and access the server's web interface from within the building, it fails to load.

Original Source: Firewalled Subnets
Translated Source: Public Address of Server
Original Destination: Public Address of Server
Translated Destination: Local Address of Server
Original Service: HTTPS
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any

If I create my own address group listing my Internal Subnets as the Original Source, the policy works as expected and I can access the server's web interface from within the building.

Is there any reason why my LAN subnets are not listed in the Firewall Subnets group?

I have Route Policies configured for each of my LAN subnets and they can all access the internet.
Question by:Tech Man
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 40464076
Hi, I'd recommend using the Wizard in the top right corner. It creates all the necessary service, address objects, access rules and NAT Policies automatically. Select whichever type of server you prefer in the Wizard.
 
LVL 1

Author Comment

by:Tech Man
ID: 40469702
Hi, I have used the Wizard, but the loopback still fails.

What I did to make it work was create my own address objects equivalent of Firewalled Subnets adding in the subnets behind the firewall.

I then used this address group as the Original Source in the NAT loopback rule.
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40476115
I'd take a deep look into your configuration. Although you got it to work by creating another Object that is supposed to do what Firewalled Subnets does by default, something sounds way off. Firewalled Subnets includes everything Firewalled, hence their name...LAN, LAN2, WLAN, etc. If that isn't functioning correctly I wonder what else isn't?

Anyway, I'd update the SonicOS to the latest General Release and see if it "fixes" the issue (as opposed to a workaround). If that doesn't resolve it and you can't figure out why it is functioning that way...I'd personally manually record the settings and wipe it to factory defaults and start building it from scratch. Note, in this case taking a settings backup and then applying it to the newly factory-reset unit would not be advised since the settings are the issue.

Let me know how it goes!
 
LVL 1

Author Comment

by:Tech Man
ID: 40480352
It seems to me like the SonicWALL is not correctly detecting the subnets behind the firewall.

My network is configured with VLANs for each LAN network segment.

E.g. Firewalls on VLAN100, Servers on VLAN10

The firewall is 10.1.100.11 with servers on the 10.1.10.x range.

I have created address groups for each of my LAN side subnets and created route policies for each of them.
Each subnet can access the internet without issue.

The firewall is running SonicOS Enhanced 6.1.2.3-20n

I have a core switch which has all the VLANs configured on it.
I then have a default route on the core switch that points to the firewall.


Do I need to create sub-interfaces on the X0 with all my VLANs?
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40480616
Each VLAN should have been set up in the Interfaces and Zones pages either as Sub-Interfaces if you want them to share the same Zone or as separate Interfaces.

The Route Policies are simply set up by default...you don't need to adjust those.
 
LVL 1

Author Comment

by:Tech Man
ID: 40538998
I posted this question on the Dell SonicWALL forum and they replied with:

Create address groups for each of your LAN side subnets and created route policies for each of them.

So it looks like I answered my own question.
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40539054
You can accomplish it multiple ways...wizards are undoubtedly the best way to do this. But if you want to set up route policies...it's up to you....I was just providing you with the best practice version of how to do it.

Cheers!
 
LVL 1

Author Comment

by:Tech Man
ID: 40539072
No problem, thanks for your input.
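
A simplified model of the loopback policy matching discussed in this thread, with a check for routed subnets that the Original Source group does not cover. This is an added example, not code from any poster or from SonicOS. The /24 masks, the 192.168.168.0/24 and 10.1.20.0/24 subnets, the host addresses and the 203.0.113.10 public address are constructed assumptions; the thread gives only 10.1.100.11 and 10.1.10.x.

```python
import ipaddress

# Constructed values (assumptions): the thread names only 10.1.100.11 and 10.1.10.x.
FIREWALLED_SUBNETS = ["10.1.100.0/24", "192.168.168.0/24"]  # interface subnets only
ROUTED_SUBNETS = ["10.1.10.0/24", "10.1.20.0/24"]           # VLANs behind the core switch
PUBLIC_IP, SERVER_IP = "203.0.113.10", "10.1.10.5"          # placeholder addresses


def in_group(ip, group):
    """True when ip falls inside any network of the address group."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in group)


def loopback_policy(original_source):
    """Policy with the fields from the question; only Original Source varies."""
    return {"orig_src": original_source, "trans_src": PUBLIC_IP,
            "orig_dst": PUBLIC_IP, "trans_dst": SERVER_IP, "service": 443}


def apply_nat(policy, src, dst, port):
    """Return (translated source, translated destination), or None on no match."""
    if port != policy["service"] or dst != policy["orig_dst"]:
        return None
    if not in_group(src, policy["orig_src"]):
        return None  # source is outside the group, so the loopback rule never fires
    return policy["trans_src"], policy["trans_dst"]


def uncovered(routed, group):
    """Routed internal subnets not contained in any member of the group."""
    members = [ipaddress.ip_network(n) for n in group]
    return [r for r in routed
            if not any(ipaddress.ip_network(r).subnet_of(m) for m in members)]


if __name__ == "__main__":
    default = loopback_policy(FIREWALLED_SUBNETS)
    custom = loopback_policy(FIREWALLED_SUBNETS + ROUTED_SUBNETS)
    client = "10.1.20.40"  # constructed client on a routed VLAN
    print("default group:", apply_nat(default, client, PUBLIC_IP, 443))
    print("custom group :", apply_nat(custom, client, PUBLIC_IP, 443))
    print("not covered  :", uncovered(ROUTED_SUBNETS, FIREWALLED_SUBNETS))
```

Running `uncovered` against the real route-policy destinations and the group used as Original Source shows which internal subnets would miss the loopback rule.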