Solved

Sonicwall TZ200 Netextender Conflict With SBS 2011 Remote Web Workplace

Posted on 2015-02-19
Last Modified: 2015-03-23
I have a Windows SBS 2011 server configured with Remote Web Workplace which works fine.  The Sonicwall is also set up with the Global VPN Client and that works fine too.  

The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection, though remote Windows & Mac users were able to connect via NetExtender.  With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server.  I had to completely remove the NetExtender from the Sonicwall to get RWW working again.

Port 443 is configured to port forward to our Windows SBS Server which also hosts Exchange & OWA.

Any help would be greatly appreciated.

Thanks!
Question by:nlwtech
14 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40620557
Is access to RWW contingent on users first connecting/establishing VPN?

Double check what port you use for RWW access versus the 4433 that you used for NetExtender.

When RWW gives a certificate issue, does your SBS have its own CA running? Have it sign the extender's certificate. Or add the SonicWall's certificate as trusted.

Double check what RWW and from where is seeing the connection...
0
 
LVL 20

Accepted Solution

by:
carlmd earned 250 total points
ID: 40620966
You can change the port that the SSLVPN uses on SSLVPN -> Server Settings
0
 

Author Comment

by:nlwtech
ID: 40625098
Sorry for the delay.

- No, people do not establish a VPN connection to use RWW
- RWW uses TCP 443 and TCP 987
- There is a CA running on the Windows server for RWW and Exchange.  It does have a valid purchased Certificate installed.
- NetExtender is configured to use port 4433

I'm thinking that there may be something wrong with the Sonicwall Firewall config.

Thx.
0

 
LVL 20

Expert Comment

by:carlmd
ID: 40625636
So why not change NetExtender to some other port?
0
 

Author Comment

by:nlwtech
ID: 40626219
I thought that since NetExtender is using port 4433, it would not conflict with RWW using port 443.  I don't see how this is causing a conflict?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40626263
Didn't you define the port as a conflict in your original statement?

"The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection, though remote Windows & Mac users were able to connect via NetExtender.  With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server.  I had to completely remove the NetExtender from the Sonicwall to get RWW working again."
0
 

Author Comment

by:nlwtech
ID: 40626712
The conflict is that when activating NetExtender on port 4433, the RWW on port 443 no longer works/connects.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40627900
Check Network -> Interfaces -> X1 -> Configure. On the General tab, do you have Management -> HTTPS checked? If so, accessing the WAN interface on port 443 will automatically invoke the self-signed certificate. If checked, uncheck and see if this solves the problem.
0
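
A way to check which device is answering on each port, as an added example that is not part of the original thread: it compares the SHA-256 fingerprint of the certificate served on the RWW port (443) with the one served on the SSL-VPN port. The function names and verdict strings are illustrative, and it assumes the SonicWall presents the same self-signed certificate wherever it terminates TLS itself.

```python
import hashlib
import socket
import ssl


def fetch_fingerprint(host, port, timeout=5.0):
    """Return the SHA-256 fingerprint of the certificate served on host:port."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the goal is to see whatever certificate
    # is served (including an untrusted self-signed one), not to trust it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def diagnose(host, rww_port=443, vpn_port=4433, fetch=fetch_fingerprint):
    """Compare the certificates served on the RWW port and the SSL-VPN port."""
    result = {}
    for name, port in (("rww", rww_port), ("vpn", vpn_port)):
        try:
            result[name] = fetch(host, port)
        except OSError as exc:  # refused, timed out, or TLS handshake failure
            result[name] = None
            result[name + "_error"] = str(exc)
    if result["rww"] is None or result["vpn"] is None:
        result["verdict"] = "unreachable"
    elif result["rww"] == result["vpn"]:
        # Same certificate on both ports: the firewall itself is answering
        # the RWW port instead of forwarding it to the server behind it.
        result["verdict"] = "firewall-cert-on-rww-port"
    else:
        result["verdict"] = "distinct-certs"
    return result


if __name__ == "__main__":
    import sys
    # Usage: python certcheck.py <public-hostname> [vpn_port]
    host = sys.argv[1]
    vpn = int(sys.argv[2]) if len(sys.argv) > 2 else 4433
    for key, value in diagnose(host, vpn_port=vpn).items():
        print(f"{key}: {value}")
```

Run it from outside the network against the public hostname, once with the SSL-VPN service enabled and once after any port or NAT change, and compare the verdicts.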
 

Author Comment

by:nlwtech
ID: 40629929
No, HTTPS is not checked there.  I do have a Network > Service called "remote web access Services" and that has HTTP, HTTPS and Remote Web Workplace.
0
 
LVL 25

Assisted Solution

by:Diverse IT
Diverse IT earned 250 total points
ID: 40633664
Hi nlwtech,

The ports needed for RWW by default do not conflict with SSL-VPN. The only correlating ports are 80 & 443 ONLY if external management is turned on as @carlmd pointed out.

Have you manipulated NAT policies for the SSL-VPN? As a troubleshooting measure you should try changing SSL-VPN port from 4433 to 4444.

Test again and post results.
0
 

Author Comment

by:nlwtech
ID: 40643665
I changed the SSL-VPN port to 4444 and it does not seem to be causing the problems with RWW anymore.  I'll do some more testing to be sure.
0
 

Author Comment

by:nlwtech
ID: 40648183
The SSL-VPN NetExtender is working fine except for the certificate, as it is the default untrusted cert.  I have a certificate installed on our SBS 2011 server for Exchange.  Do I need to purchase a separate SSL certificate for the Sonicwall, or will this conflict with the Exchange certificate?

Thanks!
0
 
LVL 78

Expert Comment

by:arnold
ID: 40648396
It is up to you.  You can have a self-signed certificate or a certificate issued by a CA running on your SBS.  One usually only needs a publicly verified certificate when people outside your workplace need to access the resources.  Though the costs are not that much.

I.e., provide those who will be using the vm the public certificate of the CA issuing certs in your environment.
0
 

Author Closing Comment

by:nlwtech
ID: 40683093
I haven't been able to work on the certificate issue but the initial problem is resolved.
0
