Solved

on premise exchange 2013 behind sonicwall tz215 with no external owa access

Posted on 2015-01-14
3
244 Views
Last Modified: 2015-01-20
I've got a new on premise exchange 2013 setup behind a sonicwall tz215. Mail is flowing in and out, and https://mail.domain.com/owa works internally, but not externally. DNS appears to be corrrect as everywhere I can think of to check resolves to the proper external IP. As for the sonicwall, I just ran the wizard once for mail server, and once for web server to open the needed ports. I also disabled external web management and set the default http and ssl ports to 81 and 4430 respectively. I can't for the life of me figure out which I can't access owa externally. I believe it may be hampering the autodiscover record process as well, as autodiscover works internally but not externally. A records are in place and correct with the domain host. A proper cert from godaddy is in place and installed, and as I said, mail flows just fine. I don't think its an IIS issue since I can open the site internally, so I'm really leaning towards the firewall. Any suggestions at all would be greatly, greatly appreciated.
0
Comment
Question by:sdholden28
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 40550433
On your public DNS, make sure there a records for mail.domain.com and point to external IP address of your sonicwall.
- say mail.domain.com point 202.141.2.1

From your sonicwall, configure NAT (Network Address Translation) to translate 202.141.2.1 to your Microsoft CAS server.

I think your network engineer able to help you with this.
0
 

Accepted Solution

by:
sdholden28 earned 0 total points
ID: 40552217
I ended up contacting sonicwall support since the support agreement is still active, and after double verifying everything else. Sonicwall engineer agreed that the config was good, but packet capture showed dropped packes and no traffice for the http/https rules. He deleted the rules created by the wizard and recreated them. He also gave the new rules highest priority. This resolved the issue.
0
 

Author Closing Comment

by:sdholden28
ID: 40559329
Only one other solution was posted, which had already been done and clearly stated in the question. I resolved the issue myself.
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question