
TZ170 - Need some guidance! 1


OpenSouceBB

IS-IT--Management
Jan 19, 2006
I need some help with our sbs2003 server and my sonic wall.

My first issue is that I cannot access the firewall's website to log in and make changes. The server has an internal and external NIC. The only way I can access it is if I connect it directly to the internal NIC. Is there a work around for this so I can access it when connected to the external NIC?

My second issue is getting the router to allow public users to connect to the remote workplace website/interface.
Basically open ports 80, 443, 445, etc.

Thanks in advance.
 
If you have support, give SonicWALL a call or buy some support. I find that they are 80% great, and if you can't get into the firewall, default it; you can find the details on the SonicWALL website.
 
I am not sure if you have a TZ170 with Standard OS or Enhanced OS. Assuming it's Standard OS.

To access via WAN (external) you need to log in to the SonicWALL Management Interface from the LAN. In FIREWALL > Access Rules, add a new rule: Allow, Service = HTTPS Management, Source = WAN, Destination = Management Interface.

You will now be able to connect your PC to the WAN and access the SonicWALL via IP address.

Note you can only access using https.

The various rules you need to allow remote access are set up in a similar way. The destination will be your Small Business Server IP.

If you need to access via the Internet, you will have to set up port mapping / forwarding on your modem / router to forward the ports to the SonicWALL WAN IP.

Hope this helps.



Sonicwall CSSA
 
Ok you have several issues that I will address:

Issue 1) My first issue is that I cannot access the firewall's website to log in and make changes?

Similar to what OEA stated: on Standard OS you need to make an HTTPS MGMT rule on the WAN interface.

If you are running Enhanced OS: just go to Network > Interfaces - WAN and click configure. Turn on HTTPS Mgmt.

Some advice is needed for remote WAN mgmt: change the username from ADMIN and change the password to a 15-character complex password. That will stop password attacks. Also put your router in Stealth Mode to stop footprint attacks.

Issue 2) is getting the router to allow public users to connect to the remote workplace website/interface.
Basically open ports 80, 443, 445, etc.

1. Use the OPT interface in NAT mode and put the Web Server behind it and assign it a static IP address.

2. Make a Static NAT policy to allow users to connect to the public IP of the Web Server.

3. Make a firewall rule to allow HTTP and HTTPS to the Web Server only and deny everything else.

These are my suggestions based on the limited info you provided. Send me the design and what you are trying to do and I can help you further.



Roger L White CISSP, CISA, CISM, GSEC
Certified SonicWALL Instructor
Security Team
Invenio Technology
(212)244-4994 ext. 715
(917)326-0386
Need Help call anytime.
 
Hi Roger, just thought I would compliment you on a comprehensive post, all the way to complex password level! Saw your comments on 3.2; looks good.

Owen Anderson
IP Clarity

Sonicwall CSSA
 
Thanks OEA, I am glad to help. I notice you try to help out also and I appreciate it. Can you please click on the "Thank... for valuable post"? It lets me keep track of how helpful my posts are.

Roger L White CISSP, CISA, CISM, GSEC
Certified SonicWALL Instructor
Security Team
Invenio Technology
(212)244-4994 ext. 715
(917)326-0386
Need Help call anytime.
 
One more suggestion to slightly tighten up the security if you are going to leave the WAN management enabled. I always change the HTTPS admin to a non-standard port. This has two benefits.

(1) It reduces exposure to port scans.

(2) It leaves the option of forwarding HTTPS traffic for other uses, like Outlook Web Access through HTTPS if you are using it.

If anyone has any reasons why they would suggest not doing this, I would be interested to hear.
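As an added illustration (not code from anyone in this thread), the rule set Roger outlines above, with Pagan's non-standard HTTPS management port, can be modelled as a first-match policy and checked for what the WAN can actually reach. The server address, the port 8443 and the rule order are assumptions for the example.

```python
# Added example, not from the original thread: a first-match model of the
# suggested WAN rule set, used to confirm that only the intended ports are
# reachable from the WAN. Addresses, the 8443 management port and rule order
# are constructed assumptions, not values taken from a real TZ170.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src_zone: str      # zone the packet arrives from, e.g. "WAN" or "LAN"
    dst: str           # destination host, or "*" for any destination
    ports: frozenset   # TCP ports matched; empty set means any port
    name: str

WEB_SERVER = "192.0.2.10"   # constructed address of the SBS box behind OPT
MGMT = "management"         # the SonicWALL's own management interface

# Evaluation order matters: specific allows first, catch-all deny last.
RULES = [
    Rule("allow", "WAN", MGMT, frozenset({8443}), "HTTPS management, non-standard port"),
    Rule("allow", "WAN", WEB_SERVER, frozenset({80, 443}), "HTTP/HTTPS to web server"),
    Rule("deny", "WAN", "*", frozenset(), "deny everything else"),
]

def evaluate(rules, src_zone, dst, port):
    """Return (action, rule name) from the first matching rule; default deny."""
    for r in rules:
        if r.src_zone != src_zone:
            continue
        if r.dst != "*" and r.dst != dst:
            continue
        if r.ports and port not in r.ports:
            continue
        return r.action, r.name
    return "deny", "implicit default deny"

def exposed_ports(rules, dst, candidates=range(1, 1024)):
    """Low TCP ports on dst that the WAN can reach under this rule set."""
    return sorted(p for p in candidates if evaluate(rules, "WAN", dst, p)[0] == "allow")

if __name__ == "__main__":
    # 445 (SMB) from the original question is blocked by the catch-all deny.
    print(exposed_ports(RULES, WEB_SERVER))    # [80, 443]
    print(evaluate(RULES, "WAN", WEB_SERVER, 445))
```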
 
Good suggestion Pagan. I tell all my clients and students to do that (matter of fact, we do that as a lab in the SonicWALL CSSA class).

Now about port scanning: hackers scan all ports because there are vulnerabilities for almost every TCP/UDP port out there. To quote the distinguished Metallica, "Sad but True."

Check out this link for all current Port Attacks:


Roger L White CISSP, CISA, CISM, GSEC
Certified SonicWALL Instructor
Security Team
Invenio Technology
(212)244-4994 ext. 715
(917)326-0386
Need Help call anytime.
 