
Keep resetting NAT to make webserver accessible from outside

Status
Not open for further replies.

clegs907

IS-IT--Management
Nov 15, 2011
4
US
Hi,

My SonicWall Pro 3060e is running well except I keep resetting my outgoing NAT to make my webserver accessible from outside. Does anyone have any suggestions where I could diagnose what's causing it?

I have exhausted my effort in searching for a remedy but to no avail.

thanks in advance.

Regards,

clegs
 
What do you mean by "resetting" your outgoing NAT? The NAT Policies process from top to bottom. The more detailed the NAT rule, the higher priority (at the top) it gets. You may have another outgoing NAT policy that your web server is falling into that has a higher priority.

At times you need to make your web facing devices "go out to the web" using the same Public IP address as the incoming connections or they won't work right.

Whatever you make your primary Public IP address in the firewall is going to be the default IP address you will go out to the internet on unless specified otherwise. So if you were to go to a "Show My IP" web site you can see what I am saying. You can make your outbound NAT policies change this to what the incoming IP is.

Please add a little more detail if this does not solve your issue.
 
Hi Joepc,

Thanks for responding on my post.

Everything is set up properly, created the firewall rules and NAT policies. It seems the connection will hold for a while, then suddenly the outbound NAT stops working. I need to stop/start the outbound NAT to make the website accessible again.

I could see an error on the log "LSA[Refresh]: timer expired". Do you think it is related to the NAT problem?

Thanks

clegs
 
Do you have the latest firmware ver installed?

Are you including all ports in the same outbound NAT policy?

Have you tried removing power for 20 secs and then plugging it back in? Maybe something is stuck in RAM? If you can't reboot, try flushing the ARP cache to start.

If all else fails try being more specific or less specific with the policy and see if that changes.

 
I have the SonicOS Enhanced 4.2.1.4-7e Firmware.

I even tried allowing all ports in my outbound NAT policy.

I haven't tried removing the power because I have 50 VPN site-site tunnel connections and about 60 Global VPN clients connected 24/7. I also flushed the ARP cache.

I have tried manually creating the address objects, NAT policies and firewall rules. Also explored the different options on the NAT policies but still to no avail.

I bought this SonicWall on eBay. Maybe that's why they are selling it, because there's a problem.

Anyway, the site-site VPN tunnel and Global VPN works fine except for my website.

Thanks again,

clegs



 
Can you set your website to point to your WAN Interface IP? This would allow the default outbound NAT policies to take place.

Also have you tried using the rule/policy wizard?
 
Yes, the first thing I did was use the rule/policy wizard.

I'll try to use the WAN IP, and will update soon.

Thanks again,

Clegs

 