Announcement

Collapse
No announcement yet.

Access FTP Server Behind SonicWall TZ180

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access FTP Server Behind SonicWall TZ180

    Greetings all, I will try to be very specific with my question. We are currently having our FTP site hosted by a third party whose QoS has become very inconsistent. I wish to host the FTP site on our internal Exchange 2003 server. The machine sits behind a SonicWall TZ 180, and the FTP service is allowed on port 21. IIS is installed on the server, and the FTP site is configured with the TCIP port set to "all unassigned". My question is this: what is the best method to drill through the firewall from the ISP's external address and access the FTP being hosted on the Exchange server? I didn't have any problems when I set up our mail for external browsing using HTTPS and OWA.

    As a print shop we rely very heavily on our FTP site being functional at all times. We receive most all of our client files via FTP, and cannot afford the downtime we have recently experienced. Any help on this will be greatly appreciated!

  • #2
    Re: Access FTP Server Behind SonicWall TZ180

    Add a firewall rule to allow FTP traffic from anywhere to the public IP address on your WAN to LAN.

    Add a custom NAT Policy that translates the external address to the internal address.

    Add another custom NAT policy to transate your internal to external so that it sends via that address.

    Comment


    • #3
      Re: Access FTP Server Behind SonicWall TZ180

      Thanks for your quick response wullieb1, I really appreciate it. I have the FTP rule in place. Regarding the NAT translation, If I translate those addresses, the rest of the machines on the network will lose internet access. How do I get around that problem?

      Comment


      • #4
        Re: Access FTP Server Behind SonicWall TZ180

        I forgot to mention that the server has 2 NICs installed. Would that be of any use in this situation?

        Comment


        • #5
          Re: Access FTP Server Behind SonicWall TZ180

          You clients shouldn't lose internet connectvity if your doing your NAT policies correctly.

          How have you configured them???

          Comment


          • #6
            Re: Access FTP Server Behind SonicWall TZ180

            Sorry for the delay in my response, company shut down for the holidays. I have not configured the NAT at this time. I felt a bit nervous as I am not that familiar with the SonicWall software. The configuration page for the NAT settings indicates a one to one range. I'm assuming that if a ranges of addresses are configured, then those addresses would all be forwarded to a specific port; is that correct? If that's the case, would that become a security risk?

            Comment


            • #7
              Re: Access FTP Server Behind SonicWall TZ180

              What you would do is this:

              1. Create an address object for the internal IP address of the FTP server.
              2. Create an address object for the external IP address of the FTP server.
              3. Configure a firewall rule for WAN to LAN, or WAN to DMZ, that states the following:

              Source: Any
              Destination: External IP of FTP server. (Address object you created earlier)
              Service: FTP (All)

              4. Configure a NAT policy that states the following:

              Source:
              Original: FTP Private
              Translated: FTP Public
              Destination
              Original: Any
              Translated: Original
              Service
              Original: Any
              Translated: Original
              Interface
              Translated: Original
              Inbound: Any
              Outbound: X1 (This will be the WAN connection that you will use)

              This policy is the policy that translates the private IP back to the public IP.

              5. Configure a NAT policy that states the following:

              Source:
              Original: Any
              Translated: Original
              Destination
              Original: FTP Public
              Translated: FTP Private
              Service
              Original: Any
              Translated: Original
              Interface
              Translated: Original
              Inbound: Any
              Outbound: Any

              This policy translates the public IP to the private IP.

              6. Configure a NAT policy that states the following:

              Source:
              Original: Firewalled Subnets
              Translated: FTP Public
              Destination
              Original: FTP Public
              Translated: FTP Private
              Service
              Original: Any
              Translated: Original
              Interface
              Translated: Original
              Inbound: Any
              Outbound: Any

              This policy provides you with a loopback so internal users can connect using the external address rather than internal. Very handy if you have travelling users that need to access the server from external. This is not needed but i would recommend that you use it.

              Comment


              • #8
                Re: Access FTP Server Behind SonicWall TZ180

                Should have used the KB earlier and i wouldn't sore fingers with all that typing lol.

                http://www.fuzeqna.com/sonicwallkb/c....asp?kbid=7508

                Straight from the horses mouth.

                Comment


                • #9
                  Re: Access FTP Server Behind SonicWall TZ180

                  OK, I'll give it a try and let you know what happens. Thanks very much for all of your input!

                  Comment


                  • #10
                    Re: Access FTP Server Behind SonicWall TZ180

                    Hi WullieB1, unfortunately, my SonicWall has the Standard OS, not the enhanced. Looks like it's time or an upgrade!

                    Comment


                    • #11
                      Re: Access FTP Server Behind SonicWall TZ180

                      Same principal different OS

                      http://www.fuzeqna.com/sonicwallkb/c....asp?kbid=3703

                      I've never used OS Standard though so might not be too much help with it as i'm not familiar with it.

                      Comment


                      • #12
                        Re: Access FTP Server Behind SonicWall TZ180

                        There's not nearly as much functionality in OS Standard. The only NAT config consists of entering IP addresses and a range for the public and private translation with no means of creating groups or rules with regard to same. That's why I can't create the loop back you mentioned. All the NAT config provides is a means of port forwarding, with no other enhancements.

                        Comment


                        • #13
                          Re: Access FTP Server Behind SonicWall TZ180

                          Originally posted by dmarkmclain View Post
                          There's not nearly as much functionality in OS Standard. The only NAT config consists of entering IP addresses and a range for the public and private translation with no means of creating groups or rules with regard to same. That's why I can't create the loop back you mentioned. All the NAT config provides is a means of port forwarding, with no other enhancements.
                          Thats the limitation of OS Standard i'm afraid.

                          I'd recommend upgrading the OS but its not that cheap.

                          Comment


                          • #14
                            Re: Access FTP Server Behind SonicWall TZ180

                            Yes, I agree completely. The cost is $650.00 USD, but the way I look at it, is if that will help our clients with a more reliable means to deliver their files to us, then the company will be much better off in the long run. To me it's a no-brainer!

                            Comment


                            • #15
                              Re: Access FTP Server Behind SonicWall TZ180

                              Originally posted by dmarkmclain View Post
                              Yes, I agree completely. The cost is $650.00 USD, but the way I look at it, is if that will help our clients with a more reliable means to deliver their files to us, then the company will be much better off in the long run. To me it's a no-brainer!
                              I agree but sometimes costs come before usability.

                              Comment

                              Working...
                              X