Thank you for reaching out to SonicWall Community.
Are you facing difficulties in accessing the webserver hosted behind SonicWall on port TCP 80 whereas TCP 443 HTTPS works? Did you perform any packet monitor on the SonicWall to understand that TCP 80 is blocked?
It looks like TCP port 80 traffic is forwarded by the firewall. Could you please check if the web server is accessible locally using its private IP address? Also, please let us know the interface Zone of the web server behind SonicWall.
@MUJTABA - I agree that the web server should be accessible on both the TCP ports 80 and 443. In order to trace the packet flow at the firewall level to check if the firewall drops/allows the packets, we perform packet monitor. As per the packet monitor information given by you, it doesnt seem like firewall dropping the TCP 80 packets. Possibly we may need to check the TCP 80 web server packet flow to understand the reason for the inaccessibility.
Please clarify below questions to locate the issue.
Is this a new setup or an existing one that was working?
Is the web server's public IP and SonicWall's WAN IP are same or different IP's?
Do you have HTTP management enabled on the WAN interface of SonicWall?
Let me know the Zone that the Web Server belongs in the firewall.
In the corresponding NAT policy for the web server using TCP port 80, please change only the translated source to X0 IP, save the policy and then test.
Answers
Hi @MUJTABA,
Thank you for reaching out to SonicWall Community.
Are you facing difficulties in accessing the webserver hosted behind SonicWall on port TCP 80 whereas TCP 443 HTTPS works? Did you perform any packet monitor on the SonicWall to understand that TCP 80 is blocked?
Please let us know.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
yes port 80 shows as FORWARDED
Hi @MUJTABA,
It looks like TCP port 80 traffic is forwarded by the firewall. Could you please check if the web server is accessible locally using its private IP address? Also, please let us know the interface Zone of the web server behind SonicWall.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
yes 80 in accessible locally, if TCP 443 is working on the same interface zone of the web server then why not TCP 80 is working?
@MUJTABA - I agree that the web server should be accessible on both the TCP ports 80 and 443. In order to trace the packet flow at the firewall level to check if the firewall drops/allows the packets, we perform packet monitor. As per the packet monitor information given by you, it doesnt seem like firewall dropping the TCP 80 packets. Possibly we may need to check the TCP 80 web server packet flow to understand the reason for the inaccessibility.
Please clarify below questions to locate the issue.
Please let us know and we can figure the issue.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@MUJTABA - Thanks for all the details.
One suggestion from my side at this point is,
In the corresponding NAT policy for the web server using TCP port 80, please change only the translated source to X0 IP, save the policy and then test.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
i am able to connect rdp port 3389 which is on X1 IP as well as 443 is on X1 working
then TCP 80 should work too, problem is somewhere else
Hi @MUJTABA,
Could you please let us know if you were able to try the source translation NAT policy suggestion? If yes, did it help?
As we told previously, we have to perform packet capture on the SonicWall and analyze it to pin point the issue and solution.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services