can't access an internal web server
Cesar
Newbie ✭
Hi,
I have a web server on X3 interface, IP 10.40.3.6, publishing on port 8005
I want to access it from X1(WAN) interface, with IP 10.10.3.141
I created a service object
I created an address object
I created a NAT entry
I created an Access rule:
I can access from a computer in 10.40.3.x by typing in a browser: 10.40.3.6:8005
when I type 10.10.3.141:8005 (X1 IP) in a computer in WAN with a 10.10.3.x address, the browser says it cannot reach the server.
What am I doing wrong?
Best
Category: Entry Level Firewalls
0
This discussion has been closed.
Answers
Hi @Cesar,
Thank you for contacting SonicWall Community.
Try creating a NAT policy and access rule like shown below.
NAT:
Source: Firewalled Subnets, Translated Source: X1 IP, Destination: X1 IP, Translated Destination: Airflow_server, Service: airflow_web, Translated Service: Original, Inbound Interface: Any, Outbound Interface: Any
Access Rule:
From Production To Production,
Source: Any, Destination: Any, Service: airflow_web, Action: Allow.
This should do the trick.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Saravanan ,
thanks for your reply. Unfortunately the result is the same. When typing 10.10.3.141:8005 in a browser in a computer in 10.10.3.x network (in WAN IF), the browser replies "connection error"
Best
Hi @Cesar,
Thanks for trying out the suggestion. Sorry to hear that the issue remains same.
Could you please share the screenshot of the NAT policy and access rule page? Also, please share the screenshot of the Network | Interfaces page.
Let me take a look and respond further.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Saravanan ,
please find attached the requested screenshots.
Best
Hi @Cesar,
Thanks. After seeing the Interfaces config, now I can understand the scene better. You are trying to hit the Server from a Computer on WAN zone. Please change the source on the NAT policy to Any and save it. Please delete the access rule created and create similar access rule from WAN to production. You were actually right with this access rule before. Sorry for asking you to change.
If this doesn't help, we may need to perform packet capture. Please try this and let us know.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Saravanan ,
it still doesn't work. just for the records I attach here the new Access rule and NAT policy.
Please let me know how to perform the packet capture.
Best
Hi @Cesar,
Thanks for sharing.
Please find below the KB article on how to perform a capture on SonicWall to trace the packet flow.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Saravanan ,
Unfortunately I cannot see the same screeen viewes as the KB article, might the version have changed. I cannot see any "monitor" tab or anything similar Under tools, I only have "migration tool" and "CTA report". Might it be an expired license what is preventing this monitor tool from showing up on the web interface?
I have captured some packets using the "packet monitor" under "INVESTIGATE" using the local web interface of the firewall. Would that be sufficient?
Best
Hi @Cesar,
I guess so. It would better to deal this in live via support call. Do you mind calling into our SonicWall Support for real-time assistance on this? Please refer below web-link for Support Contact Number based on your region.
Have a good day!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services