Solved

Sonicwall TZ200 Netextender Conflict With SBS 2011 Remote Web Workplace

Posted on 2015-02-19
Last Modified: 2015-03-23
I have a Windows SBS 2011 server configured with Remote Web Workplace which works fine.  The Sonicwall is also set up with the Global VPN Client and that works fine too.  

The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection though remote Windows & Mac users were able to connect via NetExtender. With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server. I had to completely remove the NetExtender from the Sonicwall to get RWW working again.

Port 443 is configured to port forward to our Windows SBS Server which also hosts Exchange & OWA.

Any help would be greatly appreciated.

Thanks!
Question by:nlwtech
14 Comments
 
LVL 76

Expert Comment

by:arnold
Is access to RWW contingent on users first connecting/establishing VPN?

Double check what port you use for RWW access versus the 4433 that you used for NetExtender.

When RWW gives a certificate issue, does your SBS have its own CA running? Have it sign the extender's certificate. Or add the Sonicwall's certificate as trusted.

Double check what RWW and from where is seeing the connection...
0
 
LVL 20

Accepted Solution

by:
carlmd earned 250 total points
You can change the port that the SSLVPN uses on SSLVPN -> Server Settings.
0
 

Author Comment

by:nlwtech
Sorry for the delay.

- No, people do not establish a VPN connection to use RWW
- RWW uses TCP 443 and TCP 987
- There is a CA running on the Windows server for RWW and Exchange.  It does have a valid purchased Certificate installed.
- NetExtender is configured to use port 4433

I'm thinking that there may be something wrong with the Sonicwall Firewall config.

Thx.
0
 
LVL 20

Expert Comment

by:carlmd
So why not change NetExtender to some other port?
0
 

Author Comment

by:nlwtech
I thought that since NetExtender is using port 4433, it would not conflict with RWW using port 443.  I don't see how this is causing a conflict?
0
 
LVL 20

Expert Comment

by:carlmd
Didn't you define the port as a conflict on your original statement?

"The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection though remote Windows & Mac users were able to connect via NetExtender. With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server. I had to completely remove the NetExtender from the Sonicwall to get RWW working again."
0
 

Author Comment

by:nlwtech
The conflict is that when activating NetExtender on port 4433, the RWW on port 443 no longer works/connects.
0
 
LVL 20

Expert Comment

by:carlmd
Check Network -> Interfaces -> X1 -> Configure: on the General tab, do you have Management -> HTTPS checked? If so, accessing the WAN interface on port 443 will automatically invoke the self-signed certificate. If checked, uncheck and see if this solves the problem.
0
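Added example, not part of the thread: one way to confirm from outside which device is answering on 443 is to compare the certificate served there with the one served on the SSL-VPN port and with the SBS server's own certificate. The host name `remote.example.com` and the fingerprint values are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import socket
import ssl


def cert_fingerprint(host, port, timeout=5.0):
    """SHA-256 of the leaf certificate presented at host:port, or None.

    Verification is disabled on purpose: the aim is to read whatever
    certificate is presented (self-signed included), not to trust it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except OSError:  # refused, timed out, or TLS handshake failed
        return None
    return hashlib.sha256(der).hexdigest()


def diagnose(fp_by_port, web_port, vpn_port, expected_server_fp):
    """Classify who answers on web_port from the collected fingerprints.

    expected_server_fp is the SBS server's fingerprint, e.g. taken by
    running cert_fingerprint() against the server from inside the LAN.
    """
    web = fp_by_port.get(web_port)
    vpn = fp_by_port.get(vpn_port)
    if web is None:
        return "no-tls-on-web-port"
    if web == expected_server_fp.lower():
        return "web-port-reaches-server"
    if vpn is not None and web == vpn:
        # Same certificate on both ports: the firewall, not the
        # forwarded server, is terminating TLS on the web port.
        return "firewall-answers-web-port"
    return "unknown-cert-on-web-port"


if __name__ == "__main__":
    host = "remote.example.com"           # placeholder WAN host name
    server_fp = "aa" * 32                 # constructed sample value
    seen = {p: cert_fingerprint(host, p) for p in (443, 4433)}
    print(seen, diagnose(seen, 443, 4433, server_fp))
```

Run it once with the SSL-VPN enabled and once after moving the SSL-VPN port; a change from `firewall-answers-web-port` to `web-port-reaches-server` confirms the port forward is reaching the SBS server again.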
 

Author Comment

by:nlwtech
No, HTTPS is not checked there.  I do have a Network > Service called "remote web access Services" and that has HTTP, HTTPS and Remote Web Workplace.
0
 
LVL 24

Assisted Solution

by:diverseit
diverseit earned 250 total points
Hi nlwtech,

The ports needed for RWW by default do not conflict with SSL-VPN. The only correlating ports are 80 & 443 ONLY if external management is turned on as @carlmd pointed out.

Have you manipulated NAT policies for the SSL-VPN? As a troubleshooting measure you should try changing SSL-VPN port from 4433 to 4444.

Test again and post results.
0
 

Author Comment

by:nlwtech
I changed the SSL-VPN port to 4444 and it does not seem to be causing the problems with RWW anymore.  I'll do some more testing to be sure.
0
 

Author Comment

by:nlwtech
The SSL-VPN NetExtender is working fine except for the certificate as it is the default untrusted cert. I have a certificate installed on our SBS 2011 server for Exchange. Do I need to purchase a separate SSL certificate for the Sonicwall, or will this conflict with the Exchange certificate?

Thanks!
0
 
LVL 76

Expert Comment

by:arnold
It is up to you. You can have a self-signed certificate or a certificate issued by a CA running on your SBS. One usually only needs a publicly verified certificate when people outside your workplace need to access the resources. Though the costs are not that much.

I.e., provide those who will be using the vm the public certificate of the CA issuing certs in your environment.
0
 

Author Closing Comment

by:nlwtech
I haven't been able to work on the certificate issue but the initial problem is resolved.
0
