SonicWALL 2040 + DMZ = Email/Web/FTP access

Hello,

I have a question about using a DMZ and setting up Email, FTP and Web access. Before I get into it, I think I should explain our situation. We currently have a Linux-based web/email/ftp server that has a firewall running on it. Unfortunately this box is outside the corporate HW firewall (exposed to the Internet). Our corporate firewall handles a DSL connection for Internet access and the web/email/ftp server handles a wireless Internet connection (static IP). We currently can access the web/email/ftp server remotely from intranet.companyname.com (web), mail.companyname.com (mail), ftp.companyname.com (ftp) or the static IP address. I recently got approved for a SonicWALL 2040 appliance that supports two WAN connections (both our wireless and DSL Internet connections). I like this because it centralizes the Internet connections and it has fault tolerance. I then want to put our web/email/ftp server in the DMZ of the SonicWALL appliance.

Question: Will users still be able to access the web/email/ftp server internally/externally from intranet.companyname.com (web), mail.companyname.com (mail), ftp.companyname.com (ftp) or the static IP address? If so, how does that work? If not, how do I grant them access?

Thanks

Oldglory

If your DNS resolves to the proper IP Address then they should be able to reach it.

So, if you have the server on a 192 scheme, and you are on a 192 scheme, then you need DNS records for the public names on your internal DNS server that point to the 192 addresses of the services. You would keep the public IP DNS for people outside the local network and just forward the ports inbound to the services IP address.

So, if the server was at 192.168.10.10 on the LAN and your PUBLIC IP was 244.12.12.12 you would need the following:

Public DNS A record 244.12.12.12 intranet.companyname.com
Public DNS A record 244.12.12.12 mail.companyname.com
Public DNS A record 244.12.12.12 ftp.companyname.com

PRIVATE DNS A record 192.168.10.10 intranet.companyname.com
PRIVATE DNS A record 192.168.10.10 mail.companyname.com
PRIVATE DNS A record 192.168.10.10 ftp.companyname.com

Your internal network clients should point to your internal DNS server so that they resolve the internal IPs as defined.

Some devices allow DNS loopback, but not all; in that case you would not need the Private DNS entries.

Leythos

Thanks! I know I can put the private DNS settings into our internal DNS server, but do I need to talk to my ISP about the public DNS settings or can the SonicWALL appliance handle that DNS info?

Oldglory

I thought you already had the PUBLIC DNS settings?

If you want this accessible from outside your local network, meaning if you want PUBLIC access to it, then you will need some form

Leythos

Sorry, had to disconnect for a VPN into a client.

If you want the Public, then your public DNS must have some value for the names - that would point to the public IP that is forwarded to your internal services.

Where you might create a rule like this:

FTP: IN 24.12.12.12 > 192.168.10.10

Make sense?

If you don't want the "Public" to access the internal services, don't set up access via the firewall and don't have your public DNS updated.

Leythos
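A consistency check for the split-DNS layout described in the replies above, added here as an example (not code from the thread or from SonicWALL). It reuses the thread's sample names and addresses; the function names, the dictionary layout and the per-IP forward table are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges listed explicitly; ipaddress.is_private also covers
# reserved space and would misclassify the thread's sample public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(public_zone, private_zone, forwards, dns_loopback=False):
    """Return sorted (name, finding) tuples for a split-DNS setup.

    public_zone / private_zone: {hostname: A record address}
    forwards: {public IP: internal server IP} (hypothetical model of the
    firewall's inbound forwarding rules, one target per public IP)
    """
    findings = []
    for name, pub_ip in public_zone.items():
        if is_rfc1918(pub_ip):
            # Outside clients cannot route to it, and it leaks LAN layout.
            findings.append((name, "public record exposes private address"))
            continue
        target = forwards.get(pub_ip)
        if target is None:
            findings.append((name, "public IP has no inbound forward"))
        priv_ip = private_zone.get(name)
        if priv_ip is None:
            # Internal clients would resolve the public IP, which only
            # works when the firewall supports loopback.
            if not dns_loopback:
                findings.append((name, "no private record and no loopback"))
        elif not is_rfc1918(priv_ip):
            findings.append((name, "private record is not an internal address"))
        elif target is not None and priv_ip != target:
            findings.append((name, "private record and forward target differ"))
    return sorted(findings)

# Constructed sample data using the thread's example values.
NAMES = ("intranet.companyname.com", "mail.companyname.com",
         "ftp.companyname.com")
PUBLIC = {n: "244.12.12.12" for n in NAMES}
PRIVATE = {n: "192.168.10.10" for n in NAMES}
FORWARDS = {"244.12.12.12": "192.168.10.10"}

if __name__ == "__main__":
    print(audit_split_dns(PUBLIC, PRIVATE, FORWARDS))  # consistent layout
    partial = {n: ip for n, ip in PRIVATE.items() if not n.startswith("ftp")}
    print(audit_split_dns(PUBLIC, partial, FORWARDS))  # ftp lacks override
```
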
