Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SonicWALL Loopback NAT Policy

Posted on 2014-11-25
8
Medium Priority
?
754 Views
Last Modified: 2015-08-25
Hi, I have started to configure my new NSA 2600 and I have a question about the Loopback NAT Policy and firewalled subnets.

I have setup the following NAT Policy but the firewalled subnets group doesn't appear to list any of my subnets only my two LAN interfaces.

When I try and access the servers web interface from with the building, it fails to load.

Original Source: Firewalled Subnets
Translated Source: Public Address of Server
Original Destination: Public Address of Server
Translated Destination: Local Address of Server
Original Service: HTTPS
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any

If I create my own address group listing my Internal Subnets as the Original Source, the policy works as expected and I can access the servers web interface from within the building.

Is there any reason why my LAN subnets are not listed in the Firewall Subnets group?

I have Route Polices configured for each of my LAN subnets and they can all access the internet.
0
Comment
Question by:Tech Man
  • 4
  • 4
8 Comments
 
LVL 27

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 40464076
Hi, I'd recommend using the Wizard in the top right corner. It creates all the necessary service, address objects, acres rules and NAT Policies automatically. Select whichever type of server you prefer in the Wizard.
0
 
LVL 1

Author Comment

by:Tech Man
ID: 40469702
Hi, I have used the Wizard, but the loopback still fails.

What I did to make it work was create my own address objects equivalent of Firewalled Subnets adding in the subnets behind the firewall.

I then used this address group as the Original Source in the NAT loopback rule.
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 40476115
I'd take a deep look into your configuration although you got it to work by creating another Object that is supposed to do what Firewalled Subnets does by default, something sounds way off. Firewalled Subnets includes everything Firewalled, hence their name...LAN, LAN2, WLAN, etc. If that isn't functioning correctly I wonder what else isn't?

Anyway, I'd update the SonicOS to the latest General Release and see if it "fixes" the issue (opposed to a workaround). If that doesn't resolve it and you can't figure out why it is functioning that way...I'd personally manually record the settings and wipe it to factory defaults and start building it from scratch. Note, in this case taking a settings backup and then applying it to the newly factory reset would not be advised since the settings are the issue.

Let me know how it goes!
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 1

Author Comment

by:Tech Man
ID: 40480352
It seems to me like the sonicwall is not correctly detecting the subnets behind the firewall.

My network is configured with VLANS for each LAN network segment.

E.g Firewalls on VLAN100, Servers on VLAN10

The firewall is 10.1.100.11 with servers on the 10.1.10.x range.

I have created address groups for each of my LAN side subnets and created route policies for each of them.
Each subnet can access the internet with out issue.

The firewall is running SonicOS Enhanced 6.1.2.3-20n

I have a core switch which has all the VLANS configured on it.
I then have a default route on the core switch the points to the firewall.


Do I need to create sub interfaces on the X0 with all my VLANS?
route-policies.jpg
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 40480616
Each VLAN should have been setup in the Interfaces and Zones pages either as Sub-Interfaces if you want them to share the same Zone or as separate Interfaces.

The Route Policies are simply setup by default...you don't need to adjust those.
0
 
LVL 1

Author Comment

by:Tech Man
ID: 40538998
I posted this question on the Dell Sonicwall forum and they reply with:

Create address groups for each of your LAN side subnets and created route policies for each of them.

So its looks like I answered my own question.
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 40539054
You can accomplish it multiple ways...wizards are undoubtedly the best way to do this. But if you want to setup route policies...it's up to you....I was just providing you with the best practice version of how to do it.

Cheers!
0
 
LVL 1

Author Comment

by:Tech Man
ID: 40539072
No problem, thanks for your input.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This program is used to assist in finding and resolving common problems with wireless connections.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question