Public facing web server on SonicWALL VLAN

SonicWALL TZ205w

I have a SonicWALL TZ205w sitting behind my fibre connection, with my web server running on an ESXi server connected to the SonicWALL via a VLAN to isolate it from my LAN.

This has proved to be a bit of a mission because I don’t have a modem between the SonicWALL and the ONT (optical network terminal). In addition, my ISP uses a VLAN for fibre. Lastly, because my ESX box only has one network card, I am using a VLAN for connecting my web server to the SonicWALL.

Related posts

ESX VLAN to SonicWALL DMZ
This details how to connect an ESX virtual machine to a SonicWALL DMZ to isolate it from the LAN.

Connect SonicWALL TZ205w to Fibre ONT
This details how to get the SonicWALL connected to fibre with Spark NZ which uses a VLAN.

Setup

As with the other related posts, it is important to remember I did this with a generation 5 SonicWALL appliance, a TZ205w running firmware SonicOS Enhanced 5.9.1.6-5o.

Most of the work for this is done using a wizard, so click on “Wizards” at the top right of the SonicWALL web page.

Select “Public Server Wizard” and click on “Next>”.

On the “Public Server Type” page, select “Web Server” and enable only HTTP. I find it easier to do this as two tasks. Click on “Next>” to continue.

On the “Server Private Network Configuration” page, enter a server name and the internal details of the web server:

Private Network Details

The next screen is “Server Public Information”. This is where you put the public IP of your web server, in my case “222.154.251.86”.

Then finally you get to the summary screen. Check this over and click on “Apply”:

Summary

At this point you will likely find that people outside your LAN, on the Internet, can get to your site, but from the LAN you can’t get to it. This is because the loopback policy is not working.

You need to go to “Network | Routing” and you should find you have a new entry “DMZ Subnets”. You should click on the “Configure” button for this route:

DMZ Route

You should change this so it looks like:

DMZ Route

Naturally, if you want this to be accessible via HTTPS, you repeat the wizard but select HTTPS on the “Public Server Type” page.
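A check worth running once the wizard and the route change are applied, as an added example that is not part of the original post: it probes the published address and reports ports that are open but were never meant to be published, and published ports that do not answer. The address `203.0.113.10` is a placeholder, and the port list and function names are assumptions made for this sketch.

```python
import http.client
import socket

PUBLIC_IP = "203.0.113.10"   # placeholder (documentation range); use your own
EXPECTED_OPEN = {80}          # only HTTP was enabled; add 443 after the HTTPS run
CHECK_PORTS = [22, 80, 443, 3389, 8080]  # assumed sample of ports to test


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout or unreachable: nothing answered
        return "filtered"


def http_status(host, port=80, timeout=3.0):
    """Send HEAD / and return the status code, or None if nothing answers."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def audit(host, ports=CHECK_PORTS, expected_open=EXPECTED_OPEN, timeout=3.0):
    """Compare observed port states with what was meant to be published."""
    results = {p: probe(host, p, timeout) for p in ports}
    unexpected = sorted(p for p, s in results.items()
                        if s == "open" and p not in expected_open)
    missing = sorted(p for p in expected_open if results.get(p) != "open")
    return {"results": results, "unexpected_open": unexpected, "missing": missing}


if __name__ == "__main__":
    report = audit(PUBLIC_IP)
    for port, state in sorted(report["results"].items()):
        print(f"{PUBLIC_IP}:{port} {state}")
    print("unexpected open ports:", report["unexpected_open"])
    print("published but unreachable:", report["missing"])
    print("HTTP status on port 80:", http_status(PUBLIC_IP))
```

Run it once from a host on the LAN and once from a host outside your network. Port 80 listed as unreachable only in the LAN run matches the loopback symptom described above.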