nlwtech
asked on
Sonicwall TZ200 Netextender Conflict With SBS 2011 Remote Web Workplace
I have a Windows SBS 2011 server configured with Remote Web Workplace which works fine. The Sonicwall is also set up with the Global VPN Client and that works fine too.
The problem is that when I setup NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection though remote Windows & Mac users were able to connect via NetExtender. With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self signed certificate on the Sonicwall) and fails to connect to the Windows server. I had to completed remove the NetExtender from the Sonicwall to get RWW working again.
Port 443 is configured to port forward to our Windows SBS Server which also hosts Exchange & OWA.
Any help would be greatly appreciated.
Thanks!
The problem is that when I setup NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection though remote Windows & Mac users were able to connect via NetExtender. With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self signed certificate on the Sonicwall) and fails to connect to the Windows server. I had to completed remove the NetExtender from the Sonicwall to get RWW working again.
Port 443 is configured to port forward to our Windows SBS Server which also hosts Exchange & OWA.
Any help would be greatly appreciated.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay.
- No, people do not establish a VPN connection to use RWW
- RWW uses TCP 443 and TCP 987
- There is a CA running on the Windows server for RWW and Exchange. It does have a valid purchased Certificate installed.
- NetExtender is configured to use port 4433
I thinking that there may be something wrong with the Sonicwall Firewall config.
Thx.
- No, people do not establish a VPN connection to use RWW
- RWW uses TCP 443 and TCP 987
- There is a CA running on the Windows server for RWW and Exchange. It does have a valid purchased Certificate installed.
- NetExtender is configured to use port 4433
I thinking that there may be something wrong with the Sonicwall Firewall config.
Thx.
So why not change NetExtender to some other port?
ASKER
I thought that since NetExtender is using port 4433, it would not conflict with RWW using port 443. I don't see how this is causing a conflict?
Didn't you define the port as a conflict on your original statement?
"The problem is that when I setup NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection though remote Windows & Mac users were able to connect via NetExtender. With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self signed certificate on the Sonicwall) and fails to connect to the Windows server. I had to completed remove the NetExtender from the Sonicwall to get RWW working again."
"The problem is that when I setup NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection though remote Windows & Mac users were able to connect via NetExtender. With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self signed certificate on the Sonicwall) and fails to connect to the Windows server. I had to completed remove the NetExtender from the Sonicwall to get RWW working again."
ASKER
The conflict is that when activating NetExtender on port 4433, the RWW on port 443 no longer works/connects.
Check Network -> Interfaces -> X1 -> Configure on the General tab do you have Management -> HTTPS checked? If so, accessing the WAN interface on port 443 will automatically invoke the self signed certificate. If checked, uncheck and see if this solves the problem.
ASKER
No, HTTPS is not checked there. I do have a Network > Service called "remote web access Services" and that has HTTP, HTTPS and Remote Web Workplace.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I changed the SSL-VPN port to 4444 and it does not seem to be causing the problems with RWW anymore. I'll do some more testing to be sure.
ASKER
The SSL-VPN Netextender is working fine except for the certificate as it is the default untrusted cert. I have a certificate installed on our SBS 2011 server for Exchange. Do I need to purchase a separate SSL certificate for the Sonciwall? or with this conflict with the Exchange certificate??
Thanks!
Thanks!
It is up to you. You can have a self signed or a certificate issued by a CA running on your sbs. One usually only needs a publicly verified certificate when people outside your workplace need to access the resources. Though the costs are not that much.
I.e. Provide those who will be using the vm the public certificate of the ca issuing certs in your environment.
I.e. Provide those who will be using the vm the public certificate of the ca issuing certs in your environment.
ASKER
I haven't been able to work on the certificate issue but the initial problem is resolved.
Double check what port you use for rww access versus the 4433 that you used for netextender.
When rww gives a certificate issue, does your sbs have its own ca running? Have it sign the extenders certificate. Or add the sonicwalls certificate as trusted.
Double check what rww and from where is seeing the connection.....