Access web server behind firewall from internet on primary wan ip when only secondary wan link is up

This is a multi-WAN setup on a TZ270 firewall. ISP1 is connected to X1 (say 192.100.101.1), and ISP2 is connected to X2 (say 192.100.102.1). A web server on the LAN with IP 192.168.1.16 is port forwarded on the X1 IP. X1 and X2 are added to the failover & LB group with the basic failover option.

The requirement is to access the web server on the ISP1 WAN IP address 192.100.101.1 even when ISP1 is down but ISP2 on the X2 link is up.

A. Is this possible? How, and what should be configured to achieve this?

B. If not possible, what is the alternative to achieve a similar effect?

Thank you all in advance.

Category: Mid Range Firewalls
Best Answer

  • Arkwright All-Knowing Sage ✭✭✭✭

    I assume you mean from internal, as accessing it externally on X1 IP when X1 is down is obviously not going to happen.

    Loopback NAT policies will allow you to reach port-forwarded resources by their public IPs from an internal network.

    However, if X1 is dynamically configured [DHCP or PPP] you might struggle to get loopback NAT working if that interface is down, as I don't think the firewall will know how to reach it. If the IP is fixed on X1 then you can create an address object for that IP to use in access/NAT policies. If the interface is dynamic and the IP is not fixed then you would be best using internal DNS to handle this.

Answers

  • Thank you, Arkwright. X1 is a fixed static IP, and X2 is a fixed static IP on a PPPoE link. I am trying to access the port-forwarded server (in the LAN zone) from the internet using the X1 IP.

  • MustafaA SonicWall Employee

    If you are using a public DNS record, you can define a redundant IP address, so that if the connection to the public IP address of X1 fails, it can be accessed through the public IP address of X2.

    The second option is to use the Dynamic DNS feature on the firewall by setting the binding to "Any". The Dynamic DNS public record will be updated with the available public IP of either X1 or X2, depending on which one is active based on the Basic Failover configuration.

    Let me know if these meet your requirement.
