Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.
Course Of The Month
8 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Setting up OWA access rule in SonicWall
Posted on 2016-07-15
Hi Guys,
I have difficulty setting up an OWA access rule in SonicWall.
I have SonicWall WAN connection (192.168.1.4)
.. coming from an ADSL router translating internet traffic to 192.168.1.4 -> SonicWall
LAN connection on 10.0.0.240 / 24
Exchange server on 10.0.0.27 / 24
I can't get the access rule / NAT to work:
ACCESS RULE:
From: WAN
To: LAN
Source Port: Any
Service: Exchange 2013 (http & https)
Source: Any
Destination: WAN Interface IP
NAT RULE:
Original Source: Firewall Subnets
Translated Source: WAN interface IP
Original Destination: WAN interface IP
Translated Destination: Exchange Server (10.0.0.27)
Original Service: Exchange 2013 (http & https)
Translated Service: Original
Inboud Interface: Any
Outbound Interface: Any
I've tried other configurations as well, but still no joy.
The log monitor has also not been really helpful, perhaps I am using wrong log-filter?
I have difficulty setting up an OWA access rule in SonicWall.
I have SonicWall WAN connection (192.168.1.4)
.. coming from an ADSL router translating internet traffic to 192.168.1.4 -> SonicWall
LAN connection on 10.0.0.240 / 24
Exchange server on 10.0.0.27 / 24
I can't get the access rule / NAT to work:
ACCESS RULE:
From: WAN
To: LAN
Source Port: Any
Service: Exchange 2013 (http & https)
Source: Any
Destination: WAN Interface IP
NAT RULE:
Original Source: Firewall Subnets
Translated Source: WAN interface IP
Original Destination: WAN interface IP
Translated Destination: Exchange Server (10.0.0.27)
Original Service: Exchange 2013 (http & https)
Translated Service: Original
Inboud Interface: Any
Outbound Interface: Any
I've tried other configurations as well, but still no joy.
The log monitor has also not been really helpful, perhaps I am using wrong log-filter?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
6 Comments
Active today
You're basically double NATing from your explanation. Try to get your router running in Bridge mode, so the IP is directly applied at the Sonicwall. Otherwise, you'll also have to set the rule up in your ADSL router as well. (NAT Public IP to SonicWall WAN port IP in Router, NAT Sonicwall WAN Port IP to Exchange server in SonicWall config). You also will want to limit the ports in the NAT rule to ports 443 and 25, since those are the ones that Exchange needs on the Internet.
Active 2 days ago
Hi Rupert,
It could be double NATing but we'd need to see more details. You could have issues with a 443 conflict. On the surface it isn't obvious but if you have remote management enabled (443 enabled on the WAN Interface) while opening 443 on the WAN > LAN side. I said it is not terribly obvious because you'd typically think to look for open inbound ports on the WAN > LAN Zone not actually realizing management services (ping, management, etc.) run on WAN > WAN. The way to remedy this is to go to System > Administration and change the port next to HTTPS Port: under Web Management Settings.
Let me know how it goes!
It could be double NATing but we'd need to see more details. You could have issues with a 443 conflict. On the surface it isn't obvious but if you have remote management enabled (443 enabled on the WAN Interface) while opening 443 on the WAN > LAN side. I said it is not terribly obvious because you'd typically think to look for open inbound ports on the WAN > LAN Zone not actually realizing management services (ping, management, etc.) run on WAN > WAN. The way to remedy this is to go to System > Administration and change the port next to HTTPS Port: under Web Management Settings.
Let me know how it goes!
Active 6 days ago
Thanks Guys,
The ADSL router is locked by the service provider and can't be edited.
However, traffic from the internet (via the DSL router) is arriving at the SonicWALL router.
I realised this, when the admin page of the SonicWALL was displayed initially.
I changed the SSL port under Web Management settings for the SonicWall, and the admin page is no longer displayed.
This tells me that the 443 traffic is reaching the SonicWall, but not being relayed through to the Exchange server on 10.0.0.27.
Are the access & NAT rules above correct?
The ADSL router is locked by the service provider and can't be edited.
However, traffic from the internet (via the DSL router) is arriving at the SonicWALL router.
I realised this, when the admin page of the SonicWALL was displayed initially.
I changed the SSL port under Web Management settings for the SonicWall, and the admin page is no longer displayed.
This tells me that the 443 traffic is reaching the SonicWall, but not being relayed through to the Exchange server on 10.0.0.27.
Are the access & NAT rules above correct?
Active 2 days ago
I changed the SSL port under Web Management settings for the SonicWall, and the admin page is no longer displayed.Perfect this has now unblocked your 443 conflict. From now on when you login, you need to type your Public IP with the new port number you assigned for management, for example https://1.1.1.1:4443. Make sense?
If that is your only NAT policy then no that will not work. You need three NAT Policies: 1) inbound, 2) outbound and 3) loopback policy. I'd remove that you have or both the Access Rule and the NAT policy that you have specifically set up and then go the Wizards link in the top right of the GUI and select Public Server and follow the prompts. That is the best more complete way to open up ports on your SonicWALL. And if the Wizard is not flexible enough for what you want to do...don't worry about it...you can always go back to the Access Rules or NAT policies it has setup and modify them.
Let me know if you have any questions!
Active 6 days ago
Thank you Diverseit,
I've deleted the NAT policy and used the wizard to setup a new set of NAT policies for publishing the server.
The wizard only created 2 x NAT rules, and still did not work.
I logged a call with SonicWALL and we've added a 3rd rule with their assistance. OWA is working ;-)
I encountered a strange problem, possibly a bug in the firmware;
Upon adding NAT rules, "custom rules" option,
Upon moving a rule to position 1, the SonicWALL deletes the rule without a prompt.
I tried a couple of times, the same problem occurred.
I have another server to publish on a different range 192.168.2.x (SonicWALL on 10.0.0.x)
I've setup a static route, and the SonicWALL can ping the server successfully.
Setting up the same 3 x NAT rules for this server, doesn't work.
Any ideas?
I've deleted the NAT policy and used the wizard to setup a new set of NAT policies for publishing the server.
The wizard only created 2 x NAT rules, and still did not work.
I logged a call with SonicWALL and we've added a 3rd rule with their assistance. OWA is working ;-)
I encountered a strange problem, possibly a bug in the firmware;
Upon adding NAT rules, "custom rules" option,
Upon moving a rule to position 1, the SonicWALL deletes the rule without a prompt.
I tried a couple of times, the same problem occurred.
I have another server to publish on a different range 192.168.2.x (SonicWALL on 10.0.0.x)
I've setup a static route, and the SonicWALL can ping the server successfully.
Setting up the same 3 x NAT rules for this server, doesn't work.
Any ideas?
Active 2 days ago
Strange. The wizard should always add three rules inbound, outbound and loopback. Did you have the option not to select loopback?
You can leave the priority of the NAT Policies default. I'm not sure I understand the auto-delete NAT policy. What NAT policy are you trying to create that the wizard hasn't already?
Regarding the other server, I'd love to help but it is outside of the scope of this question. Please open a new question and I'll hop on that and answer it for you. Experts Exchange likes to keep a specific question/specific answer so that when users try to find issues they find the answers instead of offshoots, etc. I hope you understand. :)
You can leave the priority of the NAT Policies default. I'm not sure I understand the auto-delete NAT policy. What NAT policy are you trying to create that the wizard hasn't already?
Regarding the other server, I'd love to help but it is outside of the scope of this question. Please open a new question and I'll hop on that and answer it for you. Experts Exchange likes to keep a specific question/specific answer so that when users try to find issues they find the answers instead of offshoots, etc. I hope you understand. :)
Featured Post
Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
Internet Business Fax to Email Made Easy -
With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number.
You'll receive secure faxes in your email, f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 9 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.