Sonicwall 3600 public server wizard error

I have a Sonicwall NSA 3600. I have a block of Public IP's.  I have a Server 2012 vm with two IIS sites and two seperate LAN IP's configured in bindings.  One of the IIS sites has been configurd in the NSA via the wizard. The Address Object is called "web1."  

When trying to run the web server wizard for the second IIS site, i get error "Server name conflicts with existing address object" when entering the same name of "web1" which is the servers DNS name.  I change the name to "web2" and assign my LAN IP and my seperate WAN IP and it completes the wizard and creates rules.  

However, my site is not available at all. Not even by WAN.  I ensure i configure private and public DNS but it wont resolve.

Has anyone seen this issue when running to web sites from one server trying to create the firewall rules in an Sonicwall.
Leigh KalbliAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CESNetwork AdministratorCommented:
The is a difference between NAT rules and firewall rules, so you need to have both in place.  Are the servers using the same public IP address?  And if they are, what ports are they on?

Internally, do they both run on port 80 using the different IP address bindings?
Leigh KalbliAuthor Commented:
They have separate LAN and Separate WAN, 1:1.  They both are going over 443 each using a separate LAN binding.
Blue Street TechLast KnightCommented:
Hi Leigh,

I'd make sure that everything for Web2 is setup correctly in your SonicWALL first and foremost. That should be easy to do since the Wizard had already provided a template to follow for web1. The wizard should have provided the following irens:
  1. Access Rules
  2. NAT Policies
  3. Service Objects
  4. Address Objects

Follow what web1 had already in place. Make sure to verify that the service and Address Objects are correct for web2.

Once you have done that use the Packet Capture under System in your SonicWALL to determine the root cause of your issue. This will provide you insight as to what the packets are doing. If you are doing this alone you need remote into a machine outside your network where you know the IP address then input that into the Packet Capture and test. Finally, the Packet Capture will show you where your problem lies either in the firewall or in your IIS server.

Let me know if you have any questions!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Leigh KalbliAuthor Commented:
Thanks all for the comments. To clarify, i was doing a 1:1 rule all over 443 using the wizard.  It turns out the issue had nothing to do with the NSA.  i had two WAN blocks of IP's that were added to ARP.  When creating the rules using IP's from the 2nd block the web servers didn't work.  I modified an address object to one of the 1st WAN block IP's and it all worked.

Turns out my ISP forgot to set things up on there end to route my IP's on block 2 to me.

All is well again.  Not sure who gets best answer here???
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.