Access internal URL/IP via Sonicwall VPN

Hi,

We have an NSA 2600 SonicWall firewall and we are making use of the VPN (Global VPN Client) to connect to the VPN and can then access internal resources such as SQL and a Jumpbox.

I have set up Address objects/groups and a service group and created a firewall rule from VPN to LAN as per below:


From Zone: VPN

To Zone: LAN

Source: GVC VPN Clients

Destination: IP Address of web service I'm trying to reach

Service: ICMP, HTTP and HTTPS, Traceroute

Action: Allow

Users Included: Trusted users

Users Excluded: External Users


When using the Ping tool under System -> Diagnostics, I can ping the IP address in my "Destination" so it is accessible and can communicate both ways.

When I try to ping the internal IP from my PC, it times out.

When I try to access the URL from my PC while on the VPN, it fails to resolve.

Error message: ERR_NAME_NOT_RESOLVED

I am able to access this URL within our network. 

I have a similar rule configured on the firewall for SQL access, and I can ping the IP address that is configured in the destination of that rule and can connect to SQL via SSMS from my PC via the VPN.


We have a static route on the server where the Website is hosted which allows it to talk back to the VPN network.

When running Wireshark on the server hosting the website, we do not observe any traffic when accessing the URL via the VPN; however, we do observe traffic within Wireshark when accessing the site from another server, so this leads me to believe that the traffic is not passing through the SonicWall onto the server.

What am I missing?

Kind Regards,

Coenie

Category: Mid Range Firewalls

Answers

  • TKWITS All-Knowing Sage ✭✭✭✭

    "We have a static route on the server where the Website is hosted which allows it to talk back to the VPN network."

    Is the web server located on the LAN interface of the Sonicwall? Why does the web server need a route to the VPN network?
