Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

can't access an internal web server

Hi,

I have a web server on X3 interface, IP 10.40.3.6, publishing on port 8005

I want to access it from X1(WAN) interface, with IP 10.10.3.141

I created a service object

I created an address object

I created a NAT entry

I created an Access rule:

I can access from a computer in 10.40.3.x by typing in a browser: 10.40.3.6:8005

when I type 10.10.3.141:8005 (X1 IP) in a computer in WAN with a 10.10.3.x address, the browser says it cannot reach the server.


What am I doing wrong?

Best

Category: Entry Level Firewalls
Reply

Answers

  • SaravananSaravanan Moderator

    Hi @Cesar,

    Thank you for contacting SonicWall Community.

    Try creating a NAT policy and access rule like shown below.

    NAT:

    Source: Firewalled Subnets, Translated Source: X1 IP, Destination: X1 IP, Translated Destination: Airflow_server, Service: airflow_web, Translated Service: Original, Inbound Interface: Any, Outbound Interface: Any

    Access Rule:

    From Production To Production,

    Source: Any, Destination: Any, Service: airflow_web, Action: Allow.

    This should do the trick.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • CesarCesar Newbie ✭

    Hi @Saravanan ,

    thanks for your reply. Unfortunately the result is the same. When typing 10.10.3.141:8005 in a browser in a computer in 10.10.3.x network (in WAN IF), the browser replies "connection error"

    Best

  • SaravananSaravanan Moderator

    Hi @Cesar,

    Thanks for trying out the suggestion. Sorry to hear that the issue remains same.

    Could you please share the screenshot of the NAT policy and access rule page? Also, please share the screenshot of the Network | Interfaces page.

    Let me take a look and respond further.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • CesarCesar Newbie ✭

    Hi @Saravanan ,

    please find attached the requested screenshots.

    Best


  • SaravananSaravanan Moderator

    Hi @Cesar,

    Thanks. After seeing the Interfaces config, now I can understand the scene better. You are trying to hit the Server from a Computer on WAN zone. Please change the source on the NAT policy to Any and save it. Please delete the access rule created and create similar access rule from WAN to production. You were actually right with this access rule before. Sorry for asking you to change.

    If this doesn't help, we may need to perform packet capture. Please try this and let us know.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • CesarCesar Newbie ✭

    Hi @Saravanan ,

    it still doesn't work. just for the records I attach here the new Access rule and NAT policy.

    Please let me know how to perform the packet capture.

    Best


  • SaravananSaravanan Moderator

    Hi @Cesar,

    Thanks for sharing.

    Please find below the KB article on how to perform a capture on SonicWall to trace the packet flow.

    Hope this helps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • CesarCesar Newbie ✭

    Hi @Saravanan ,

    Unfortunately I cannot see the same screeen viewes as the KB article, might the version have changed. I cannot see any "monitor" tab or anything similar Under tools, I only have "migration tool" and "CTA report". Might it be an expired license what is preventing this monitor tool from showing up on the web interface?

    I have captured some packets using the "packet monitor" under "INVESTIGATE" using the local web interface of the firewall. Would that be sufficient?

    Best

  • SaravananSaravanan Moderator

    Hi @Cesar,

    I guess so. It would better to deal this in live via support call. Do you mind calling into our SonicWall Support for real-time assistance on this? Please refer below web-link for Support Contact Number based on your region.

    Have a good day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.