Sonicwall newbie question...

I have a Sonicwall 2040 appliance... it's configured with a WAN, LAN and DMZ (all done prior to my arrival with the company). The WAN is our public IP addresses, such as E-Mail and Web Servers, LAN is all internal addresses, and I'm not quite sure what the DMZ is.

What I'm wanting to do is enable traffic from my WAN (specifically 1 IP address) to my LAN (again, specifically 1 IP address) for remote access purposes. I have a service set up on my firewall for Terminal Services (port 3389), and a rule set up to allow traffic from WAN to LAN for that service. When I access my local server from the LAN, RDP works fine. When I try from my public server, it says the service is not running or it cannot find it.

Any ideas as to what I am doing wrong? Or what configuration option I am missing?

Any thoughts are greatly appreciated and welcome.

Thanks,

Reply to
woody

What you have to do is the following steps in SonicWall:

1) Create a service for RDP = 3389
2) Create a local user, i.e. the internal IP address of the server
3) Create a local user for the public IP address of the machine that wants to access the local machine
4) Create a rule which allows the public IP access to the local IP on RDP = 3389
5) Apply the rule to the external interface for filtering traffic
6) Try doing RDP from the public machine

CK


Reply to
CK

not necessary - it's called "terminal service" and predefined

i would call it an object (network-address objects-custom objects); you need three:

2a) the internal host
2b) the external ip address of this host to be reached
2c) also the admin host in the internet that is supposed to access your internal host

i would call it NAT (network-nat policies), where you define which service is NATed to where (external object to internal host)

create a rule WAN -> LAN which allows terminal service access from your admin host (2c) to the EXTERNAL address defined in 2b

this applies to the enhanced OS; if you have the standard OS, you have fewer options (no fancy objects, no PAT...) but it is basically the same concept.

M
Reply to
mak

If not, then you have to create this service.

One way or the other you have to define the IP address or groups.

> i would call it NAT (network-nat policies), where you define which service is nated to where (external object to internal host)

Same as above

> create a rule WAN ->LAN which allows terminal service access- from your admin host (2c) to EXTERNAL address defined in 2b

Both are the same i.e. NAT

OS has not been discussed yet...

Reply to
CK

Yes, mine is predefined...

I don't have these options... under Network I have the following:

Settings, One-to-One NAT, Web Proxy, Intranet, Routing, ARP, DHCP Server

I don't see anywhere in these options where I can add a custom object. Suggestions?

> i would call it NAT (network-nat policies), where you define which service is nated to where (external object to internal host)

Again, I don't have NAT policies.

> create a rule WAN ->LAN which allows terminal service access- from your admin host (2c) to EXTERNAL address defined in 2b

Reply to
woody

all right, looks like you have the standard OS:

if your WAN interface is NAT enabled: go to network - one-to-one nat - add: private and public address and range length 1 (you need a separate public IP from your provider's pool)

go to firewall - access - rule - add:

action: allow
service: term serv
source: WAN, ip_of_adminhost_in_the_internet (range begin and end is identical)
dest: LAN, ip_of_internalhost_

that's it, if it doesn't work, check your logs

M
Reply to
mak

Well, I followed per your instructions... but it seems that every time I try to access my Internal address from my Public address, I get the following responses in the logs:

12/18/2006 14:12:59.544 Web management request allowed 69.15.x.x, 37713, LAN 10.0.x.x, 80, LAN Web (HTTP)
12/18/2006 14:12:53.320 UDP packet from LAN dr

*scratches head* What am I doing wrong?

Reply to
woody

When you say...

ip_of_adminhost_in_the_internet, this is my public IP of the server I want to access from? Or my public IP that I added in the one-to-one NAT?

and...

ip_of_internalhost_, this is the normal LAN address of the server I want to access, correct?

Just making sure...

Thanks again for all the information... I greatly appreciate it!

Ray

Reply to
woody

correct

> Or my public IP that I added in the one-to-one NAT?

correct
Reply to
mak

can you ping the host from the sonicwall (settings-diagnostics)

M

Reply to
mak

I got it all working last night. I really appreciate all the great feedback and help from you. This was all a bit new to me. I knew the terminology, but putting it all to use was a new experience.

Thanks again,

Reply to
woody

Actually, I have one more question, if I might be allowed to pick your brain once more. I added the NAT'd address to the new public IP, and created the rule to allow from the LAN to the NAT'd address. This worked, and I was able to remote to the machine. Now, however, when I try to access the server internally via a network share, neither I nor anyone else who tries to do so is able to.

Any ideas why this might be? I didn't think the new NAT and Access Rule would affect local LAN traffic, but it appears to do just that.

Any input is, as always, greatly appreciated.


Reply to
woody

> created the rule to allow from the LAN to the NAT'd address

i am assuming this is a typo and should be WAN

the network share in your LAN has nothing to do with rdp access from outside, and

the nat and access rule from wan to lan only affect your access through the firewall (obviously)

so, if you are not using the DMZ interface, client and server are in the same segment, and you are using the correct internal addresses, your problem is not the sonicwall.

M
Reply to
mak
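To make the two points in mak's posts concrete (the one-to-one NAT plus a WAN -> LAN access rule that allows terminal service only from the single admin host, and the fact that this rule pair never touches LAN-to-LAN share traffic), here is a small model of that policy. It is an added illustration written for this thread, not SonicWall code and not anything the posters wrote; the addresses, the LAN segment, and the "local" verdict for same-segment traffic are constructed assumptions, and only the inbound WAN -> LAN path and LAN-internal traffic are modelled.

```python
"""Added illustration, not from the thread and not SonicWall code: a model of the
standard-OS setup described above. One one-to-one NAT entry maps a spare public IP
to the internal server, and a single WAN->LAN access rule allows Terminal Services
(TCP 3389) only from the admin host on the internet; everything else inbound hits
the default deny. All addresses are constructed documentation/private-range values."""
import ipaddress
from dataclasses import dataclass

LAN_NET = ipaddress.ip_network("10.0.0.0/24")          # constructed LAN segment

# Network -> One-to-One NAT -> Add: public address -> private address, range length 1
ONE_TO_ONE_NAT = {"203.0.113.10": "10.0.0.25"}          # constructed addresses


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src_zone: str
    dst_zone: str
    src_net: str     # source restriction; "range begin and end identical" is a /32
    proto: str       # "tcp", "udp" or "any"
    dport: int       # 0 means any port


# Firewall -> Access -> Rule -> Add; first match wins, so the narrow allow sits first
RULES = [
    Rule("allow", "WAN", "LAN", "198.51.100.7/32", "tcp", 3389),  # term serv, admin host only
    Rule("deny",  "WAN", "LAN", "0.0.0.0/0",       "any", 0),     # default WAN->LAN deny
]


def zone_of(ip: str) -> str:
    """Interface the address belongs to: LAN for the internal segment, WAN otherwise."""
    return "LAN" if ipaddress.ip_address(ip) in LAN_NET else "WAN"


def evaluate(src: str, dst: str, proto: str, dport: int) -> tuple[str, str]:
    """Return (verdict, address the packet is delivered to).

    verdict is "allow", "deny", or "local" for LAN-to-LAN traffic that is switched
    inside the segment and never crosses the firewall at all."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == "LAN" and dst_zone == "LAN":
        return "local", dst           # the WAN->LAN NAT and rule are not in the path

    # Inbound from WAN: the destination is translated by one-to-one NAT before the
    # access rule is matched, so the rule sees the internal host as destination.
    if src_zone == "WAN":
        if dst not in ONE_TO_ONE_NAT:
            return "deny", dst        # no public->private mapping, nothing to deliver to
        dst = ONE_TO_ONE_NAT[dst]
        dst_zone = "LAN"

    src_ip = ipaddress.ip_address(src)
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) != (src_zone, dst_zone):
            continue
        if src_ip not in ipaddress.ip_network(rule.src_net):
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        if rule.dport and rule.dport != dport:
            continue
        return rule.action, dst
    return "deny", dst                 # no rule matched: implicit deny


if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "203.0.113.10", "tcp", 3389),  # admin host -> public IP, RDP
        ("192.0.2.50",   "203.0.113.10", "tcp", 3389),  # some other internet host
        ("198.51.100.7", "203.0.113.10", "tcp", 445),   # admin host, but SMB is not permitted
        ("198.51.100.7", "203.0.113.11", "tcp", 3389),  # public IP with no NAT entry
        ("10.0.0.50",    "10.0.0.25",    "tcp", 445),   # LAN client opening the share
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```

The first case is the only one that reaches the server, and it does so on the translated LAN address; a different internet host or a different port from the admin host falls through to the default deny. The last case is the share problem from the follow-up post: a LAN client talking to the server in the same segment gets the "local" verdict because the packet never passes the WAN -> LAN policy, which is mak's point that the NAT and access rule are not the cause.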

OK, I have question, related to when I added the One-to-One NAT rule...

When doing so, this appears at the top of the window:

NOTE: Computers connected in the One-To-One NAT IP range specified will be disconnected.

I'm wondering if this was my problem, because I had to add my internal IP address. So if users were connected to the network share at the time, they would have been disconnected. I also wonder if just rebooting the server in question would restore the connectivity.


Reply to
woody

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.