Setup with a Sonicwall

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setup with a Sonicwall

    Probably a silly question, but I have no experience with this sort of environment and since inheriting a company with a Sonicwall device I'm trying to do my best to figure out what's going on but cannot get through one very important thing. Basically, from the documentation left it would seem that there is a router with a public IP of x.x.x.1 in front of a Sonicwall tz-210 with a public IP of x.x.x.2. I'm not quite sure why the 2 separate public IPs to start with. Most importantly, however, I don't understand why I cannot RDP to the server that's behind that firewall. The main router, which because of its operation we should probably call a modem, is connected to X1 of the firewall and then X0 is connected to a switch with all the LAN computers. To start with I marked the HTTPS management option on the X1 WAN interface of the firewall, yet I cannot link to it remotely by browsing to its public IP. Then I created an access rule that should allow me to RDP only from my remote IP (static) to the server and it just doesn't work. The rule states that when the source IP is my public IP and the destination is the server's local IP I should be allowed to connect. When I go through the firewall's log I can see ICMP Destination unreachable, Code 4. Can someone please help?

  • #2
    Re: Setup with a Sonicwall

    ICMP Destination unreachable, Code 4.

    The datagram is too big. Packet fragmentation is required but the 'don't fragment' (DF) flag is on.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
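The explanation in #2 can be checked against the actual bytes of such a message. The following is an added example, not code from the thread or from SonicWall: it builds and decodes an ICMP Destination Unreachable message in the RFC 792 / RFC 1191 layout (the code 4 variant carries the next-hop MTU), verifies the ICMP checksum, and pulls the source, destination, DF flag and ports out of the echoed IP header so the flow that was bounced can be identified. The addresses, ports and MTU in the sample are constructed (TEST-NET ranges); the 1400-byte MTU and the RDP port 3389 are assumptions for the sample only.

```python
import struct
import ipaddress

# ICMP type 3 (Destination Unreachable) codes, per RFC 792, RFC 1122 and RFC 1812.
DEST_UNREACHABLE_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
    9: "communication with destination network administratively prohibited",
    10: "communication with destination host administratively prohibited",
    13: "communication administratively prohibited",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum. Computed over a message that
    already carries a correct checksum field, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frag_needed(next_hop_mtu: int, offending_packet_head: bytes) -> bytes:
    """Build a type 3 / code 4 message the way a router would: 2 unused bytes,
    the 16-bit Next-Hop MTU (RFC 1191), then the IP header plus the first
    8 bytes of the packet that could not be forwarded."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + offending_packet_head
    csum = icmp_checksum(body)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + offending_packet_head


def parse_dest_unreachable(msg: bytes) -> dict:
    """Decode an ICMP Destination Unreachable message and identify the flow
    that triggered it. Raises ValueError on malformed or corrupted input."""
    if len(msg) < 8 + 20:
        raise ValueError("ICMP message too short to carry the echoed IP header")
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp_type})")
    if icmp_checksum(msg) != 0:
        raise ValueError("ICMP checksum mismatch")

    inner = msg[8:]  # echoed IP header + first 8 bytes of its payload
    if inner[0] >> 4 != 4:
        raise ValueError("echoed packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    total_len, flags_frag = struct.unpack("!HH", inner[2:4] + inner[6:8])
    proto = inner[9]
    result = {
        "code": code,
        "meaning": DEST_UNREACHABLE_CODES.get(code, "unknown code"),
        # Next-Hop MTU is only defined for code 4; 0 means the router did not supply one.
        "next_hop_mtu": next_hop_mtu if code == 4 else None,
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "orig_total_length": total_len,
        "orig_df_set": bool(flags_frag & 0x4000),  # bit 1 of the flags field is DF
        "orig_protocol": proto,
        "orig_sport": None,
        "orig_dport": None,
    }
    # TCP (6) and UDP (17) both keep source and destination port in the first
    # 4 bytes of the transport header, which the echoed 8 bytes always cover.
    if proto in (6, 17) and len(inner) >= ihl + 4:
        result["orig_sport"], result["orig_dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return result


# Constructed sample: a 1500-byte RDP segment from a remote admin (203.0.113.10)
# to the firewall's WAN address (192.0.2.2) with DF set, bounced by a hop whose
# MTU is 1400. The IPv4 header checksum is left at 0; this decoder does not check it.
SAMPLE_IP_HEADER = struct.pack(
    "!BBHHHBBH4s4s",
    0x45, 0x00, 1500, 0x1234, 0x4000, 64, 6, 0,
    ipaddress.IPv4Address("203.0.113.10").packed,
    ipaddress.IPv4Address("192.0.2.2").packed,
)
SAMPLE_TCP_HEAD = struct.pack("!HHI", 51000, 3389, 1)  # sport, dport (RDP), seq
SAMPLE_ICMP = build_frag_needed(1400, SAMPLE_IP_HEADER + SAMPLE_TCP_HEAD)

if __name__ == "__main__":
    for key, value in parse_dest_unreachable(SAMPLE_ICMP).items():
        print(f"{key:18} {value}")
```

Running it prints the decoded fields; the useful ones for the thread's situation are `orig_dst` and `orig_dport` (which flow was bounced) and `next_hop_mtu` (the size the sender would need to fall back to). A code 4 message is only ever generated for a packet that already passed the sending hop's filtering, so it reports an MTU problem on a path, not a blocked or missing rule.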



    • #3
      Re: Setup with a Sonicwall

      Did you set a NAT policy???



      • #4
        Re: Setup with a Sonicwall

        I know what code 4 means but I have only "Fragment non-VPN outbound packets larger than MTU" (ticked) and "do not send ICMP fragmentation needed for outbound packets" (unticked). Nothing about incoming traffic on the WAN interface. I've got a NAT policy indeed. It says anything from my public IP translated to Original via Terminal Services going to WAN Primary IP (x.x.x.2) translated to Server Internal IP going via Any interface. Should I be RDPing to the x.x.x.1 or ...x.2 public address?



        • #5
          Re: Setup with a Sonicwall

          Normally you would RDP to the public IP of the WAN interface on the firewall. Are there any access lists or filters on the router in front of the SonicWall?
          CCNA, CCNA-Security, CCNP
          CCIE Security (In Progress)



          • #6
            Re: Setup with a Sonicwall

            According to the documentation I have, there is nothing; it only provides the Internet connection.



            • #7
              Re: Setup with a Sonicwall

              I would check that edge router to see if there is any filtering going on.
              CCNA, CCNA-Security, CCNP
              CCIE Security (In Progress)



              • #8
                Re: Setup with a Sonicwall

                It's in pass-through. Doesn't even have an internal IP.



                • #9
                  Re: Setup with a Sonicwall

                  Your best bet is to log those connection attempts to see where the problem is.
                  CCNA, CCNA-Security, CCNP
                  CCIE Security (In Progress)



                  • #10
                    Re: Setup with a Sonicwall

                    Do you have the relevant firewall rule in place as well???

                    What IP address are you trying to connect to???

                    Can you please show me your NAT policy and firewall rules.



                    • #11
                      Re: Setup with a Sonicwall

                      Auglan, you were right. The Netgear sitting in front of the firewall had Inbound Block All as the only default firewall rule. I added Any from My Public IP Allow and pass to x.x.x.2 (SonicWall). From then on I started seeing my RDP attempts in the SonicWall's log. Initially they were dropped by an Access rule which I set incorrectly as I thought it should be MyPublic>ServerInternal Allow on any interface. I changed it to MyPublic>ServerExternal Allow and now it works. I thought my NAT policy should have taken care of translating my attempts into the server's private IP but it looks like it either doesn't or I just don't understand how it works. The strange thing is I can now RDP via both the public IPs ....x.1 and ....x.2 where ideally it should work on one only but I can't even decide which one although probably it doesn't matter much.
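The fix in #11 (the access rule had to name the firewall's public address, not the server's internal one, even though a NAT policy translates to the internal address) comes down to the order in which the rule base and NAT are applied to an inbound flow. The following is an added example, not SonicWall code and not from the thread: a small model of an inbound pipeline with a first-match, default-deny rule base and a destination NAT table. It assumes, as the outcome in #11 is consistent with, that inbound access rules are matched against the flow as it arrives on the WAN (original, pre-NAT destination) and that NAT rewrites the destination only afterwards. The addresses are constructed stand-ins for MyPublic, x.x.x.2 and the server's internal IP.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union

ANY = "any"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class NatPolicy:
    """Inbound NAT entry: a flow from orig_src to orig_dst on service_port
    has its destination rewritten to translated_dst."""
    orig_src: str
    orig_dst: str
    service_port: int
    translated_dst: str


@dataclass(frozen=True)
class AccessRule:
    src: str
    dst: str
    dport: Union[int, str]
    action: str  # "allow" or "deny"


def _match(value, rule_value) -> bool:
    return rule_value == ANY or rule_value == value


def evaluate_inbound(flow: Flow, rules: List[AccessRule],
                     nat_policies: List[NatPolicy]) -> Tuple[str, str]:
    """Return (action, delivered_destination) for a flow arriving on the WAN.

    Model assumption: rules are matched against the ORIGINAL destination
    (first match wins, default deny); NAT is consulted only for allowed flows.
    """
    action = "deny"
    for rule in rules:
        if (_match(flow.src, rule.src) and _match(flow.dst, rule.dst)
                and _match(flow.dport, rule.dport)):
            action = rule.action
            break
    if action != "allow":
        return action, flow.dst
    for pol in nat_policies:
        if (_match(flow.src, pol.orig_src) and pol.orig_dst == flow.dst
                and pol.service_port == flow.dport):
            return "allow", pol.translated_dst
    return "allow", flow.dst  # allowed, but no translation applies


# Constructed stand-ins for the addresses in the thread.
MY_PUBLIC_IP = "203.0.113.10"     # the admin's static remote address
FIREWALL_WAN_IP = "192.0.2.2"     # plays the role of x.x.x.2
SERVER_INTERNAL_IP = "10.0.0.20"  # the RDP server on X0
RDP = 3389

NAT = [NatPolicy(MY_PUBLIC_IP, FIREWALL_WAN_IP, RDP, SERVER_INTERNAL_IP)]
# The rule as first written in #11: destination = server's internal address.
RULES_BEFORE = [AccessRule(MY_PUBLIC_IP, SERVER_INTERNAL_IP, RDP, "allow")]
# The rule that worked: destination = the firewall's public (pre-NAT) address.
RULES_AFTER = [AccessRule(MY_PUBLIC_IP, FIREWALL_WAN_IP, RDP, "allow")]

RDP_ATTEMPT = Flow(MY_PUBLIC_IP, FIREWALL_WAN_IP, RDP)
STRANGER = Flow("198.51.100.7", FIREWALL_WAN_IP, RDP)  # not the admin's address

if __name__ == "__main__":
    print("original rule:", evaluate_inbound(RDP_ATTEMPT, RULES_BEFORE, NAT))
    print("corrected rule:", evaluate_inbound(RDP_ATTEMPT, RULES_AFTER, NAT))
    print("other source:", evaluate_inbound(STRANGER, RULES_AFTER, NAT))
```

With the original rule the admin's flow never matches anything (the packet still carries the public destination when the rule base sees it) and falls to the default deny, which is the drop that showed up in the log; with the corrected rule it is allowed and then translated to the internal address. The third case shows why keeping the source restricted to the admin's address matters: the same rule base still denies RDP from anywhere else, so opening the Netgear to the one source address and keeping the SonicWall rule source-specific leaves no broader exposure than intended.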
