How do I re-connect to our Virtual office/Portal Settings when new IP addresses have changed?
BOSullivan
Newbie ✭
We have a TZ570 firewall in place. We were issues new public IP address last week. Since then we are no longer able to connect the Sonic Wall Virtual Office. The error generated is "Connection has timed out". I went though the "SSL VPN" menus starting with Status, Server settings, Client Settings, Portal settings, and Virtual Office. I didn't see anything indicating what I should do when your public IP addresses have changed. Is there a DNS entry, I have changed? Do I have to change any entries in any of the following: Object or Policy?
Category: Mid Range Firewalls
0
Answers
First and foremost, please ensure that your SSLVPN traffic coming from the public source (initiator) is reaching the firewall. You can utilize Packet Monitor for this purpose and filter traffic based on the configured SSLVPN port.
You will want to confirm the WAN IP address. (default X1) Or whatismyip.com
The interface should have SSL users check box checked. Interfaces > X1
check that SSLVPN is enabled on WAN
Network > SSLVPN > Server Settings > make sure WAN is enabled.
If you have a proper cert in place, you will be able to select it on this page.
Network > SSLVPN > Server Settings > Certificate Selection.
I assume you have already checked these pages. So, the other question I have to ask is how are you establishing your connection on the client? Can you see the Virtual Office when you go to the IP address directly? (https://111.111.111.222)
Also, are you Outside of the network? the client won't work if you are behind the firewall.
are you using an IP address? - if yes, then you should use the WAN IP.
are you using a FQDN/NAME? (remote.yourdomain.com) - If yes, then you may want to check with your domain name provider and update your "A Record."
Sometimes the ISP can provide you a static IP address to use, but still allow you to use DHCP until you make that change. In this case you may need to modify the interface to assign the static IP address to your WAN interface. Checking the current WAN IP should help Identify if this is the issue.
- I hope this is helpful
Thanks, I will double check everything you mention.
This is for Mustaffa,
Checking if the SSLVPN traffic coming from the public source is reaching the firewall, is then on the client side on the firewall?
Hi @BOSullivan
You can use Packet Monitor tool which can capture packets coming in (ingress) and going out (egress) of the firewall. Let's assume the SSLVPN Server port on the firewall is configured as 4433 and you can set the Destination Port and observe if there is any ingress traffic coming to the firewall.
How can I setup and utilize the Packet Monitor feature for troubleshooting?
https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/
Does your environment have any middle routers (in betweed ISP - Sonicwall NSa570).
if yes
do you port forward the public traffic to firewall.?
if No
check the IP addresses (do you have public Static IP)