  • Status: Solved

Sonicwall TZ200 Netextender Conflict With SBS 2011 Remote Web Workplace

I have a Windows SBS 2011 server configured with Remote Web Workplace which works fine.  The Sonicwall is also set up with the Global VPN Client and that works fine too.  

The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection, though remote Windows & Mac users were able to connect via NetExtender.  With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server.  I had to completely remove the NetExtender from the Sonicwall to get RWW working again.

Port 443 is configured to port forward to our Windows SBS Server which also hosts Exchange & OWA.

Any help would be greatly appreciated.

Thanks!
0
Asked by: nlwtech
2 Solutions
 
arnold Commented:
Is access to RWW contingent on users first connecting/establishing VPN?

Double check what port you use for RWW access versus the 4433 that you used for NetExtender.

When RWW gives a certificate issue, does your SBS have its own CA running? Have it sign the extender's certificate. Or add the Sonicwall's certificate as trusted.

Double check what RWW and from where is seeing the connection...
0
 
carlmd Commented:
You can change the port that the SSLVPN uses on SSLVPN -> Server Settings.
0
 
nlwtech (Author) Commented:
Sorry for the delay.

- No, people do not establish a VPN connection to use RWW
- RWW uses TCP 443 and TCP 987
- There is a CA running on the Windows server for RWW and Exchange.  It does have a valid purchased Certificate installed.
- NetExtender is configured to use port 4433

I'm thinking that there may be something wrong with the Sonicwall Firewall config.

Thx.
0
 
carlmd Commented:
So why not change NetExtender to some other port?
0
 
nlwtech (Author) Commented:
I thought that since NetExtender is using port 4433, it would not conflict with RWW using port 443.  I don't see how this is causing a conflict?
0
 
carlmd Commented:
Didn't you define the port as a conflict in your original statement?

"The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection, though remote Windows & Mac users were able to connect via NetExtender.  With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server.  I had to completely remove the NetExtender from the Sonicwall to get RWW working again."
0
 
nlwtech (Author) Commented:
The conflict is that when activating NetExtender on port 4433, the RWW on port 443 no longer works/connects.
0
 
carlmd Commented:
Check Network -> Interfaces -> X1 -> Configure. On the General tab, do you have Management -> HTTPS checked? If so, accessing the WAN interface on port 443 will automatically invoke the self-signed certificate. If checked, uncheck it and see if this solves the problem.
0
 
nlwtech (Author) Commented:
No, HTTPS is not checked there.  I do have a Network > Service called "remote web access Services" and that has HTTP, HTTPS and Remote Web Workplace.
0
 
Blue Street TechLast Knights Commented:
Hi nlwtech,

The ports needed for RWW by default do not conflict with SSL-VPN. The only correlating ports are 80 & 443 ONLY if external management is turned on, as @carlmd pointed out.

Have you manipulated NAT policies for the SSL-VPN? As a troubleshooting measure you should try changing SSL-VPN port from 4433 to 4444.

Test again and post results.
0
 
nlwtech (Author) Commented:
I changed the SSL-VPN port to 4444 and it does not seem to be causing the problems with RWW anymore.  I'll do some more testing to be sure.
0
 
nlwtech (Author) Commented:
The SSL-VPN NetExtender is working fine except for the certificate, as it is the default untrusted cert.  I have a certificate installed on our SBS 2011 server for Exchange.  Do I need to purchase a separate SSL certificate for the Sonicwall, or will this conflict with the Exchange certificate?

Thanks!
0
 
arnold Commented:
It is up to you.  You can have a self-signed or a certificate issued by a CA running on your SBS.  One usually only needs a publicly verified certificate when people outside your workplace need to access the resources.  Though the costs are not that much.

I.e., provide those who will be using the vm the public certificate of the CA issuing certs in your environment.
0
 
nlwtech (Author) Commented:
I haven't been able to work on the certificate issue but the initial problem is resolved.
0
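An added example, not part of the original thread: one way to confirm from outside which listener is answering port 443 is to compare the certificate fingerprint presented there with the one presented on the SSL-VPN port and with the known fingerprint of the server's certificate. The verdict names, the host `remote.example.com` and the two sample certificates (arbitrary constructed bytes wrapped as PEM) are assumptions for illustration.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
SBS_PEM = ssl.DER_cert_to_PEM_cert(b"constructed SBS server certificate")
FW_PEM = ssl.DER_cert_to_PEM_cert(b"constructed firewall self-signed certificate")


def fingerprint(pem):
    """SHA-256 over the DER bytes, the value browsers show as the fingerprint."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_pem(host, port, timeout=5.0):
    """Return the leaf certificate a listener presents, trusted or not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # inspect only; never reuse ctx for real traffic
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def diagnose(certs, server_fp, web_port=443):
    """certs maps port -> PEM seen from outside; server_fp is the known
    fingerprint of the certificate installed on the internal server."""
    fps = {port: fingerprint(pem) for port, pem in certs.items()}
    shared = sorted(p for p, fp in fps.items()
                    if p != web_port and fp == fps[web_port])
    if fps[web_port] == server_fp:
        verdict = "forwarded"        # 443 reaches the internal server
    elif shared:
        verdict = "intercepted"      # 443 answered by the same listener as `shared`
    else:
        verdict = "unknown-cert"     # neither the server's nor another port's
    return {"verdict": verdict, "shared_with": shared, "fingerprints": fps}


if __name__ == "__main__":
    expected = fingerprint(SBS_PEM)
    # Symptom from the thread: 443 presents the firewall's certificate.
    print(diagnose({443: FW_PEM, 4433: FW_PEM}, expected)["verdict"])
    # After moving SSL-VPN to 4444, 443 presents the server's certificate.
    print(diagnose({443: SBS_PEM, 4444: FW_PEM}, expected)["verdict"])
    # Live use (hypothetical host): certs = {p: fetch_pem("remote.example.com", p) for p in (443, 4444)}
```

Run it from a network outside the firewall; an "intercepted" verdict means port 443 is terminating on the same device as the SSL-VPN listener instead of being forwarded to the server.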
