Public facing web server on SonicWALL VLAN

I have a SonicWALL TZ205w sitting behind my fibre connection, with my web server running on an ESXi server connected to the SonicWALL via a VLAN to isolate it from my LAN.

This has proved to be a bit of a mission because I don’t have a modem between the SonicWALL and the ONT (optical network terminal). In addition, my ISP uses a VLAN for fibre. Lastly, because my ESX box only has one network card, I am using a VLAN for connecting my web server to the SonicWALL.

Related posts

ESX VLAN to SonicWALL DMZ
This details how to connect an ESX virtual machine to a SonicWALL DMZ to isolate it from the LAN.

Connect SonicWALL TZ205w to Fibre ONT
This details how to get the SonicWALL connected to fibre with Spark NZ, which uses a VLAN.

Setup

As with the other related posts, it is important to remember that I did this with a generation 5 SonicWALL appliance, a TZ205w running firmware SonicOS Enhanced 5.9.1.6-5o.

Most of the work for this is done using a wizard, so click on “Wizards” at the top right of the SonicWALL web page.

Select “Public Server Wizard” and click on “Next>”

On the “Public Server Type” select “Web Server” and enable only HTTP. I find it easier to do this as two tasks. Click on “Next>” to continue.

On the “Server Private Network Configuration” page, enter a server name and the internal details of the web server:

The next screen is “Server Public Information”; this is where you put the public IP of your web server. Previously I have entered the actual static IP of my server, but the last time I left it as “0.0.0.0”.

Then finally you get to the summary screen. Check this over and click on “Apply”:

When finished you should see:

At this point you will likely find that people outside your LAN, on the Internet, can get to your site, but from the LAN you can’t get to it. This is because the loopback policy is not working.

You need to go to “Network | Routing” and you should find you have a new entry “DMZ Subnets”. You should click on the “Configure” button for this route:

DMZ Route

You should change this so it looks like:

DMZ Route

Naturally, if you want this to be accessible via HTTPS, repeat the process but select HTTPS on the “Public Server Type” page.

After getting this working I moved to a new SonicWALL. I am writing this part of the post some weeks after the event, so I have forgotten the exact problem I had, but I think it was around accessing from the LAN. Nonetheless, I am attaching some screenshots of the working system in case they are useful:
