Matthew Cioffi

asked on

Sonicwall firewall configuration with comcast modem

Hello,
We have a TZ-210 wireless that we need to change a couple of things on.

We are connected to a Comcast business gateway device.  It has wireless and we use that as an outside wireless.  It is not set up to access the internal network.  When we set up a laptop or phone we use that for VPN testing and remote connectivity.  I have 2 issues.

1. I cannot connect to the management interface on the modem, it is the default 10.1.10.1.  It keeps getting dropped in the firewall.  What rules do I add to allow this?
2. We cannot send email from our mobile devices when connected to the Comcast wireless.  I would expect it to be a rule as well, but I'm not sure what to add to make this work.

We want to keep the Comcast wireless off the internal network.  But we need to access the management interface, plus some of the users need to be able to send via Exchange when using devices or phones and sending Exchange email.

Thanks.
arnold

Connect a device into the Comcast gateway to confirm what IP it allocates.
The outgoing mail transmission cannot use the default SMTP port, 25.  You have to divert to port 465 or 587 as the alternative: 465 SSL, 587 unencrypted but includes STARTTLS to encrypt the exchange after the ....

Configure your TZ to allow inbound on port 25.
Not sure why you don't define a few wifi networks on the TZ, with your guest wifi isolated from the LAN and allowed only access to the outside.
Matthew Cioffi (asker)

Hi,

Thanks, let me be a little clearer.

We have wireless from the TZ and that is fine.  It is set up as a different IP range, but per ownership has access to the LAN.  The wireless is not shared with anyone outside the company.  So I'm leaving that alone.

The owner wants to connect to the Comcast modem, which has wireless included.  We want that to be separate from the internal network.  The reason for this is that they want to be able to test the VPN from this wireless.  They have a couple of people that will travel from time to time and they want to be sure everything is working properly.  Plus they set up phones for installers and other people that need them, and they want to test them on both cellular and wifi.  May seem odd to many of you but it does make a certain amount of sense.

Details:
Comcast cable modem with WIFI; it is giving out 10.1.10.x IP addresses.  I was unable to connect to the management interface due to a password/login issue.  I need to look into that more.  I was connected directly to one of the open ports on the device.  I want to be able to connect to 10.1.10.1 from inside the network, not directly connected to the modem.

I set up my phone for an email address on the internal Exchange server and tried to send mail.  When connected to the wireless provided by the SonicWall it was fine.  When I connected only over cellular it worked fine as well.  When I connected to the Comcast wireless it stuck in the outbox on my phone.  I'm using TypeApp as the mail client.  I'm connecting to remote.SERVERNAME.com over 443, with SSL/TLS.

I looked at the logs in the SonicWall but did not find anything to indicate where it was getting hung up.  I cannot find where I can add something that will allow this traffic, to the management port and sending email.

Can someone help me figure out where to add a rule or what rule to edit to allow me to connect to 10.1.10.1 and send mail from a WIFI connection to the Comcast modem?

So external to Comcast wifi you can send through; the issue might relate to the outgoing connection coming back on itself.
While connected to the Comcast router wifi, you are trying to access the WAN IP of the Comcast to then get forwarded back into the TZ ...
Some devices by default would not allow such.

When you are behind the TZ, does the IP to which you connect match the IP to which you connect when you are on cellular and when you are on the wifi?
If your wifi and cellular are the same, the Comcast router would need adjustment in settings to allow connection to its WAN port from the inside.
If they are not the same, the information from the Comcast device might push other DNS servers that respond differently, i.e. as though you were behind the TZ, by providing an IP only available to TZ LAN systems.

Yes, it is common to test VPNs, and having an external connection to the end point is useful.  Though in your case, does the TZ have a public IP as its WAN, or is it configured such that to open a port for the public IP, the Comcast router has to open a port directing it to the TZ IP on the 10.1.10.0/24 network?

One consideration for VPN deals with managing the use of an IP (remote client) as well as the LAN behind the TZ not being common as one would encounter by remote clients, i.e. no 192.168.0-3.0/24, as the first three segments of the 192.168.0.0/16 block are common among many retail routers.
Such that a user at home could have this LAN, and while they would validate the test, their connection at home or anywhere that uses your LAN IP segment will not work.

Internet <=> Comcast router <=> TZ firewall <=> your lan

Internet <=> Comcast router <=> wifi guest LAN
                   \ => TZ wan <=> LAN behind
Both the TZ and the Comcast router have a public IP on the Comcast network.
I.e. a LAN device querying what its WAN IP is gets an address different from the IP reflected for the Comcast wifi guest .....
Allowing remote management of your Comcast router via its public IP address would be the option that's the least painful to implement if you're insistent on making use of it.  Otherwise, just have some system constantly connected to the Comcast router and keep some remote access software on it, like GoToMyPC.

The second option would be to do something like create a VLAN and have a guest wireless network from the SonicWall instead.  That would allow you to have some sort of control AND not have to worry about messing with the Comcast router at all.  That would get into you needing to create a Virtual Access Point and going through some other steps to ensure that it cannot access the main LAN.

As for the mail issue, can it be assumed that the mail server is onsite?
Any updates?

Sorry, other issues to deal with.

So far no luck, but I cannot access the Comcast router.  Password must have been changed.

Once we get a couple of other issues settled I will need to come back to this.

Well, if you contact Comcast, they can reset the password for you.  That would probably be the one way to do it without wiping out any customized settings that already exist.