Two web servers on TZ-300

We are a small office with a TZ-300, one public IP and two web servers which need to be accessed from the internet: https://app.contoso.com and https://dev.contoso.com

From this SonicWall article (https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-nat-policies-on-a-sonicwall-firewall/170505782921100/), at section “Inbound Port Address Translation via WAN (X1) IP Address”, I found how to access both servers, but it requires the user to access https://1.1.1.1:4433 and https://1.1.1.1:4434, which is not suitable for our case.

I would like to know if our desired architecture works with the TZ-300, and would like instructions.

Regards.

Category: Entry Level Firewalls

Best Answers

  • CORRECT ANSWER
    BWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    Hi @fre

    With just one public IP address you cannot "share" port 443, because NAT does not work SNI-based. I would suggest just installing a reverse proxy (NGiNX would be my weapon of choice) in the DMZ and letting it do the HTTPS offloading and forward the requests to app or dev based on what is requested. Sorry that there needs to be another system involved, but I see no other option.

    --Michael@BWC

  • CORRECT ANSWER
    fre Newbie ✭
    Answer ✓

    Solution for this case: firewall forwarding to an NGINX server, and this proxy to our internal servers
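
The setup described in the answers above, sketched as an NGINX configuration. This is an added example, not configuration posted by either participant. The backend addresses, certificate paths and file name are assumptions, and the firewall is assumed to forward WAN TCP 443 only to the proxy in the DMZ.

```nginx
# /etc/nginx/conf.d/contoso.conf (assumed file name, included inside http {})

# Catch-all: refuse TLS handshakes for any name other than app/dev,
# so scans of the bare public IP never reach a backend.
# ssl_reject_handshake requires nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# app.contoso.com: TLS ends here, request is forwarded to the internal app server.
server {
    listen 443 ssl;
    server_name app.contoso.com;

    ssl_certificate     /etc/nginx/tls/app.contoso.com.crt;  # assumed path
    ssl_certificate_key /etc/nginx/tls/app.contoso.com.key;  # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.10;                      # assumed internal address
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# dev.contoso.com: same listener and port, selected by the requested name.
server {
    listen 443 ssl;
    server_name dev.contoso.com;

    ssl_certificate     /etc/nginx/tls/dev.contoso.com.crt;  # assumed path
    ssl_certificate_key /etc/nginx/tls/dev.contoso.com.key;  # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.20;                      # assumed internal address
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the backends now see every connection coming from the proxy, their access logs need to record the `X-Forwarded-For` value to keep the real client address, and the firewall rules from the DMZ to the LAN can be limited to the proxy reaching these two hosts.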
