I am having issues with Let's Encrypt not being able to update SSL Certificates on my Webserver.

Answers

  • johnnyzjohnnyz Newbie ✭
    edited December 2021

    When setting up the Splice L3 Subnet, none of my LAN address objects show up under Transport Range, only my WAN ones. Even when I add a new one, it will not be there in the dropdown.

    Instructions say I need to use a LAN or internal IP; am I reading this wrong?

    "From the Transparent Range drop-down menu, select an address object that contains the range of IP addresses you want to have access through this interface. The address range must be within an internal zone, such as LAN, DMZ, or another trusted or public zone matching the zone used for the internal transparent interface."

  • johnnyzjohnnyz Newbie ✭

    Why would I need a managed switch? My plan would be going directly from the L3 splice port on the SonicWALL to the virtual switch on the server assigned to the web server. Am I missing something?

  • prestonpreston All-Knowing Sage ✭✭✭✭

    Hi @johnnyz, you need to create an address object for the WAN IP in the LAN/DMZ zone for the Transparent Interface with the public IP to use. This is then set on your server's network card as its IP, with the rest of the WAN details, i.e. the subnet mask and the gateway IP (the same as your current WAN uses). See here: https://www.youtube.com/watch?v=JJO1rXgHp1g&t=96s

    For the virtual switch, as long as you have more than one physical network interface you can use one of these directly into the SonicWall, but if you only have a single network card for the virtual switch then you would need VLAN tagging, hence needing a switch.

  • johnnyzjohnnyz Newbie ✭
    edited January 2022

    See picture. You can see I have 7 static IPs. I will be working with only 1. 70.167.119.118 is the IP I use for the web server. Currently what comes in on 70.167.119.118 goes to 10.0.0.18.

    So should I change the current zone on that address object to DMZ, and then do I pick host or network, as I don't have a range? And do I have to change it to DMZ? Can I just leave it WAN and then just use that for the new L3?

  • johnnyzjohnnyz Newbie ✭

    So it won't let me change to network; I have to leave it host. So again, no clear instructions at all. Back to square 1.

  • prestonpreston All-Knowing Sage ✭✭✭✭
    edited January 2022

    Hi johnnyz,

    Sorry, SonicWall did use to have a guide on how to set up Transparent mode, apart from the videos explaining it correctly; it seems they have removed it. Below is how you set it up: the server NIC needs to be set to use the public IP, not an internal NATed IP. See below for a guide for your scenario.

    1) Create another address object with the public IP address you want to use and put this in the DMZ zone.

    2) Set up an interface, X3 for example, and select L3 Transparent mode, select DMZ as the zone and then select the new address object you created.

    3) Set the IP address on your server to be the same public IP address you want to use, with the same subnet mask and gateway IP as X1.

    4) No NAT needed; just create a firewall rule from WAN-DMZ for the services you want to allow, the destination being the public address you used on the address object and the server's NIC.

    5) Plug in the server directly to the X3 interface (if your virtual server has more than one NIC on its virtual switch).
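
A consistency check for the plan in steps 1 to 4 above, as an added example that is not part of the original post and is not SonicWall code. The function name, the dictionary layout, the subnet masks and the gateways are assumptions made for illustration; the thread gives only the IP addresses.

```python
import ipaddress

def check_transparent_plan(wan, obj, server, nat_policies, rules):
    """Check a plan against steps 1-4 above; return a list of problems."""
    problems = []
    wan_if = ipaddress.ip_interface(f"{wan['ip']}/{wan['mask']}")
    pub = ipaddress.ip_address(obj["ip"])
    srv_if = ipaddress.ip_interface(f"{server['ip']}/{server['mask']}")

    # Step 1: the public IP object lives in the DMZ zone.
    if obj["zone"] != "DMZ":
        problems.append("address object is not in the DMZ zone")
    # Step 3 reuses X1's gateway, so the IP must sit inside X1's subnet.
    if pub not in wan_if.network:
        problems.append("address object is outside the X1 subnet")
    # Step 3: server NIC = public IP, with X1's subnet mask and gateway.
    if srv_if.ip != pub:
        problems.append("server NIC IP differs from the address object")
    if srv_if.netmask != wan_if.netmask:
        problems.append("server subnet mask differs from X1")
    if server["gateway"] != wan["gateway"]:
        problems.append("server gateway differs from X1")
    # Step 4: no NAT for this IP, plus a WAN->DMZ allow rule that targets it.
    for nat in nat_policies:
        if nat["original_dst"] == obj["ip"]:
            problems.append(f"NAT policy still translates {obj['ip']}")
    if not any((r["src_zone"], r["dst_zone"], r["dst"], r["action"])
               == ("WAN", "DMZ", obj["ip"], "allow") for r in rules):
        problems.append("no WAN->DMZ allow rule for the public IP")
    return problems

# Constructed sample data. The two 70.167.119.x addresses and 10.0.0.18 come
# from the thread; masks, gateways and rule fields are assumed for illustration.
WAN = {"ip": "70.167.119.115", "mask": "255.255.255.248", "gateway": "70.167.119.113"}

# The NATed setup the thread starts from.
BEFORE = check_transparent_plan(
    WAN, {"ip": "70.167.119.118", "zone": "WAN"},
    {"ip": "10.0.0.18", "mask": "255.255.255.0", "gateway": "10.0.0.1"},
    [{"original_dst": "70.167.119.118", "translated_dst": "10.0.0.18"}],
    [{"src_zone": "WAN", "dst_zone": "LAN", "dst": "70.167.119.118", "action": "allow"}])

# The setup after following steps 1-4.
AFTER = check_transparent_plan(
    WAN, {"ip": "70.167.119.118", "zone": "DMZ"},
    {"ip": "70.167.119.118", "mask": "255.255.255.248", "gateway": "70.167.119.113"},
    [],
    [{"src_zone": "WAN", "dst_zone": "DMZ", "dst": "70.167.119.118", "action": "allow"}])

if __name__ == "__main__":
    for name, result in (("before", BEFORE), ("after", AFTER)):
        print(name, result or "consistent")
```
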

  • johnnyzjohnnyz Newbie ✭
    edited January 2022


    Thank you for the nice detailed info. I did all you said and I could not see or talk to the webserver, so I don't know. And yes, the server has 4 LAN ports and the web server is on its own port, so that part is all set and not the issue. Other than that, I did 1-4 and checked all several times, but no communication to the webserver, so I just set it back to the way it was for now.


    Address Object:


    Firewall access rule:


    Network X6 Transparent L3:


    Webserver network ip:

  • johnnyzjohnnyz Newbie ✭

    And I just wanted to show this, as on the X6 port it's showing 70.167.119.115, the IP from the WAN port, so not sure if that is an issue when X6 is supposed to be 70.167.119.118? But I can't change the WAN port. I have 8 IPs and I need and want that to stay on 115.

    And yes, X6 is off at this point, I know that.


  • johnnyzjohnnyz Newbie ✭

    WELL ANYWAYS, SONICWALL CAME OUT WITH A NEW FIRMWARE AND IT FIXED THE ISSUES I HAVE BEEN HAVING SINCE JUNE - THE LAST FIRMWARE - So all is good now. This was a hard one to figure out. 8 months on a lot of forums. I thought it was the web server, then Let's Encrypt, then my service provider and then SonicWall. So, turns out after all this it was SonicWALL.
