Sonicwall 3600 public server wizard error

I have a Sonicwall NSA 3600. I have a block of public IPs. I have a Server 2012 VM with two IIS sites and two separate LAN IPs configured in bindings. One of the IIS sites has been configured in the NSA via the wizard. The Address Object is called "web1."

When trying to run the web server wizard for the second IIS site, I get the error "Server name conflicts with existing address object" when entering the same name of "web1", which is the server's DNS name. I change the name to "web2" and assign my LAN IP and my separate WAN IP and it completes the wizard and creates rules.

However, my site is not available at all. Not even by WAN. I ensure I configure private and public DNS but it won't resolve.

Has anyone seen this issue when running two web sites from one server and trying to create the firewall rules in a Sonicwall?
Leigh Kalbli Asked:

Blue Street Tech, Last Knight, Commented:
Hi Leigh,

I'd make sure that everything for Web2 is set up correctly in your SonicWALL first and foremost. That should be easy to do since the Wizard had already provided a template to follow for web1. The wizard should have provided the following items:
  1. Access Rules
  2. NAT Policies
  3. Service Objects
  4. Address Objects

Follow what web1 had already in place. Make sure to verify that the service and Address Objects are correct for web2.

Once you have done that, use the Packet Capture under System in your SonicWALL to determine the root cause of your issue. This will provide you insight as to what the packets are doing. If you are doing this alone, you need to remote into a machine outside your network where you know the IP address, then input that into the Packet Capture and test. Finally, the Packet Capture will show you where your problem lies, either in the firewall or in your IIS server.

Let me know if you have any questions!

CES, Network Administrator, Commented:
There is a difference between NAT rules and firewall rules, so you need to have both in place. Are the servers using the same public IP address? And if they are, what ports are they on?

Internally, do they both run on port 80 using the different IP address bindings?

Leigh Kalbli (Author) Commented:
They have separate LAN and Separate WAN, 1:1.  They both are going over 443 each using a separate LAN binding.

Leigh Kalbli (Author) Commented:
Thanks all for the comments. To clarify, I was doing a 1:1 rule all over 443 using the wizard. It turns out the issue had nothing to do with the NSA. I had two WAN blocks of IPs that were added to ARP. When creating the rules using IPs from the 2nd block the web servers didn't work. I modified an address object to one of the 1st WAN block IPs and it all worked.

Turns out my ISP forgot to set things up on their end to route my IPs on block 2 to me.

All is well again.  Not sure who gets best answer here???
Question has a verified solution.
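
The packet-capture triage suggested in the thread, and the outcome the author reports (nothing wrong on the NSA, traffic for the second IP block never routed to it), as an added example that is not part of the original thread. The record shape, the status labels, the addresses and the function names are all constructed for illustration and are not SonicWALL's export format.

```python
from collections import namedtuple

# Constructed record shape for this example (not SonicWALL's export format):
# one row per captured packet, with the status the capture showed for it.
Pkt = namedtuple("Pkt", "src dst sport dport status")

def triage(capture, tester, public_ip, private_ip, port=443):
    """Name the hop to investigate for a 1:1 published server."""
    arrived = [p for p in capture
               if p.src == tester and p.dst == public_ip and p.dport == port]
    if not arrived:
        # The firewall never saw the request, so no access rule, NAT policy
        # or object on it can be the cause: look at routing toward that IP.
        return "upstream"
    if not any(p.status == "forwarded" for p in arrived):
        return "firewall"   # request arrived but was not passed on
    replied = any(p.src == private_ip and p.dst == tester and p.sport == port
                  for p in capture)
    return "ok" if replied else "server"   # no reply: IIS binding or host

# Constructed addresses from documentation ranges.
TESTER = "198.51.100.7"
SITES = {"web1": ("203.0.113.10", "192.168.1.10"),
         "web2": ("192.0.2.20", "192.168.1.11")}

# Constructed capture: web1 answers, nothing ever arrives for web2's public IP.
SAMPLE = [
    Pkt(TESTER, "203.0.113.10", 50000, 443, "forwarded"),
    Pkt("192.168.1.10", TESTER, 443, 50000, "forwarded"),
]

def report(capture=SAMPLE):
    return {name: triage(capture, TESTER, pub, priv)
            for name, (pub, priv) in SITES.items()}

if __name__ == "__main__":
    print(report())
```

An "upstream" result for one public IP while another on the same firewall returns "ok" is the pattern that matches the ISP routing problem described in the final comment.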
