Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Access WebServer Behind ISP & SONIC Firewall

VickyBoyVickyBoy Newbie ✭
in Entry Level Firewalls

Hi,

I am trying to access a webserver behind the Sonic TZ300. I have succeeded in getting the VPN clients configured. But somehow the Webserver access are not going through. The ISP given router is facing the Internet and the TZ300 is behind the router. Below is the diagram . Need a step by step to access a webserver within the network using the Public IP Address

image.png


Category: Entry Level Firewalls
Reply

Answers

  • shiprasahu93shiprasahu93 Moderator

    Hello @VickyBoy,

    You would need to create a loopback NAT so that you can access the web server using the public IP while you are on the network. Please refer to the KB below for the same.

    https://www.sonicwall.com/support/knowledge-base/access-a-server-behind-the-sonicwall-from-internal-networks-using-public-ips-loopback-nat/170505780814635/

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • VickyBoyVickyBoy Newbie ✭
    edited August 2020

    Just clarifying the question and also made changes to the diagram

    I want to connect to the IIS Server from another location. I hit the ISP router/modem with Public IP 77.69.X.X first. For example I type 77.69.x.x:8080 in the browser.

    I think I should create a port forward from the router to the SonicFirewall. If yes the X1 is 192.x.x.3 I create the Portforward to 192.x.x.3 port 8080. Now the connection must hit the Sonic Firewall. How do we handle this connection to forward to the webserver (10.x.x.x)?

    image.png


  • shiprasahu93shiprasahu93 Moderator

    Thanks for clarifying @VickyBoy.

    In that case, you would need to configure a port forwarding on the firewall as below:

    NAT Policy should look as below:

    Original source; Any

    Translated Source: original

    Original destination: 192.x.x.3

    Translated destination: webserver (10.x.x.x)

    Original service: port 8080

    Translated Service: Original

    Inbound interface: X1

    Outbound Interface: Any

    Access rule from WAN to LAN should look as below:

    Source: Any

    Destination: 192.x.x.3

    Service: port 8080

    Action: Allow

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • paulrui21paulrui21 Newbie ✭

    Hi,

    I am trying to access a webserver behind the Sonic TZ670 which connected to X7 interface of the Sonicwall. The ISP's router has been bridged to the Sonicwall so the sonic wall is acting as the LAN's gateway. When the web server is put on the LAN subnet, it works with the right access rule and NAT policy but when it's put on the DMZ it doesn't seem to work. Your help will be very much appreciated. Please see the attached network diagram.

    Net Topology.jpg

    Kind Regards

    Paul.

Sign In or Register to comment.