Solved

Sonicwall TZ200 Netextender Conflict With SBS 2011 Remote Web Workplace

Posted on 2015-02-19
Last Modified: 2015-03-23
I have a Windows SBS 2011 server configured with Remote Web Workplace which works fine.  The Sonicwall is also set up with the Global VPN Client and that works fine too.  

The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection, though remote Windows & Mac users were able to connect via NetExtender.  With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server.  I had to completely remove the NetExtender from the Sonicwall to get RWW working again.

Port 443 is configured to port forward to our Windows SBS Server which also hosts Exchange & OWA.

Any help would be greatly appreciated.

Thanks!
Question by:nlwtech
14 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40620557
Is access to RWW contingent on users first connecting/establishing VPN?

Double check what port you use for RWW access versus the 4433 that you used for NetExtender.

When RWW gives a certificate issue, does your SBS have its own CA running? Have it sign the extender's certificate. Or add the Sonicwall's certificate as trusted.

Double check what RWW and from where is seeing the connection.
0
 
LVL 20

Accepted Solution

by:
carlmd earned 250 total points
ID: 40620966
You can change the port that the SSLVPN uses on SSLVPN -> Server Settings.
0
 

Author Comment

by:nlwtech
ID: 40625098
Sorry for the delay.

- No, people do not establish a VPN connection to use RWW
- RWW uses TCP 443 and TCP 987
- There is a CA running on the Windows server for RWW and Exchange.  It does have a valid purchased Certificate installed.
- NetExtender is configured to use port 4433

I'm thinking that there may be something wrong with the Sonicwall Firewall config.

Thx.
0

 
LVL 20

Expert Comment

by:carlmd
ID: 40625636
So why not change NetExtender to some other port?
0
 

Author Comment

by:nlwtech
ID: 40626219
I thought that since NetExtender is using port 4433, it would not conflict with RWW using port 443.  I don't see how this is causing a conflict?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40626263
Didn't you define the port as a conflict on your original statement?

"The problem is that when I set up NetExtender on port 4433 to support our remote Mac users, it broke the Remote Web Workplace connection, though remote Windows & Mac users were able to connect via NetExtender.  With the NetExtender enabled, the Remote Web Workplace says that the certificate is invalid (it is apparently seeing the current self-signed certificate on the Sonicwall) and fails to connect to the Windows server.  I had to completely remove the NetExtender from the Sonicwall to get RWW working again."
0
 

Author Comment

by:nlwtech
ID: 40626712
The conflict is that when activating NetExtender on port 4433, the RWW on port 443 no longer works/connects.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40627900
Check Network -> Interfaces -> X1 -> Configure. On the General tab, do you have Management -> HTTPS checked? If so, accessing the WAN interface on port 443 will automatically invoke the self-signed certificate. If checked, uncheck and see if this solves the problem.
0
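A way to confirm from an outside connection which device answers each port, as an added example that is not part of the thread: it compares the SHA-256 fingerprint of the certificate presented on the RWW ports (443, 987) with the one presented on the SSL-VPN port (4433). The host name, the function names and the byte strings standing in for certificates are assumptions made for the example.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_fingerprint(host, port, timeout=5.0):
    """Fingerprint of the certificate presented on host:port, or None.

    Verification is off on purpose: the aim is to identify which device
    answers, and a self-signed certificate would otherwise abort the
    handshake before it can be inspected. Do not reuse this context for data.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return fingerprint(tls.getpeercert(binary_form=True))
    except OSError:  # refused, timed out, or not a TLS listener
        return None

def classify(presented, server_fp, vpn_port):
    """Label each probed port by whose certificate it presented."""
    vpn_fp = presented.get(vpn_port)
    verdict = {}
    for port, fp in presented.items():
        if fp is None:
            verdict[port] = "no TLS answer"
        elif port == vpn_port:
            verdict[port] = "ssl-vpn listener"
        elif fp == server_fp:
            verdict[port] = "forwarded to server"
        elif fp == vpn_fp:
            verdict[port] = "answered by firewall"
        else:
            verdict[port] = "unexpected certificate"
    return verdict

# Constructed stand-ins for DER certificates, so the demo runs offline.
SERVER_DER = b"constructed-server-certificate"
FIREWALL_DER = b"constructed-firewall-self-signed-certificate"

if __name__ == "__main__":
    # Live use: presented = {p: fetch_fingerprint("vpn.example.com", p) for p in (443, 987, 4433)}
    broken = {443: fingerprint(FIREWALL_DER), 987: fingerprint(SERVER_DER),
              4433: fingerprint(FIREWALL_DER)}
    print(classify(broken, fingerprint(SERVER_DER), vpn_port=4433))
```

For live use, `server_fp` is the fingerprint of the certificate exported from the Windows server; a 443 verdict of "answered by firewall" means the appliance, not the port forward, is terminating that connection.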
 

Author Comment

by:nlwtech
ID: 40629929
No, HTTPS is not checked there.  I do have a Network > Service called "remote web access Services" and that has HTTP, HTTPS and Remote Web Workplace.
0
 
LVL 25

Assisted Solution

by:Diverse IT
Diverse IT earned 250 total points
ID: 40633664
Hi nlwtech,

The ports needed for RWW by default do not conflict with SSL-VPN. The only correlating ports are 80 & 443 ONLY if external management is turned on as @carlmd pointed out.

Have you manipulated NAT policies for the SSL-VPN? As a troubleshooting measure you should try changing SSL-VPN port from 4433 to 4444.

Test again and post results.
0
 

Author Comment

by:nlwtech
ID: 40643665
I changed the SSL-VPN port to 4444 and it does not seem to be causing the problems with RWW anymore.  I'll do some more testing to be sure.
0
 

Author Comment

by:nlwtech
ID: 40648183
The SSL-VPN NetExtender is working fine except for the certificate, as it is the default untrusted cert.  I have a certificate installed on our SBS 2011 server for Exchange.  Do I need to purchase a separate SSL certificate for the Sonicwall, or will this conflict with the Exchange certificate?

Thanks!
0
 
LVL 78

Expert Comment

by:arnold
ID: 40648396
It is up to you.  You can have a self-signed certificate or one issued by a CA running on your SBS.  One usually only needs a publicly verified certificate when people outside your workplace need to access the resources.  Though the costs are not that much.

I.e., provide those who will be using the vm the public certificate of the CA issuing certs in your environment.
0
 

Author Closing Comment

by:nlwtech
ID: 40683093
I haven't been able to work on the certificate issue but the initial problem is resolved.
0
