The next step prompts the administrator to select the type of WAN
connection (Static IP, DHCP, PPPoE, or PPTP) and provides hyperlinked
descriptions of each of these connection types via popup windows.
Selecting a type, for example “Static IP”, and clicking “Next” will
bring up the appropriate configuration screen:
Note: The Wizard will query the LAN for a DHCP server prior to
presenting the DHCP Server configuration screen; if an existing DHCP
server is detected on the LAN segment by the Wizard, the internal DHCP
server configuration screen will not be presented so as to avoid a
potential DHCP server conflict.
The next page will summarize the values assigned by the Wizard, and
will prompt the user to Apply the settings. While the settings are
being applied, which should take approximately 5 seconds, a status
window will show an animated progress indicator:
The Public Server Wizard
The Public Server Wizard is the most ambitious and functional wizard
developed to date. It simplifies the complex process of creating a
publicly and internally accessible server resource by automating the
following steps:
The first page of the Public Server Wizard prompts the administrator
to select the kind of server to make available. Predefined types, and
their individually selectable included services are:
1. Web Server – includes HTTP (TCP 80) and HTTPS (TCP 443)
2. FTP Server – includes FTP (TCP 21)
3. Mail Server – includes SMTP (TCP 25), POP3 (TCP 110) and IMAP
(TCP 143)
4. Terminal Services Server – includes MS RDP (TCP 3389) and Citrix
ICA (TCP 1494)
5. Other - allows the administrator to select or define their own
Services or Service Groups.
Notes:
• At least one service must be selected for any Server type.
• If enabled, WAN Access to the Web GUI will take precedence over a
Public Web Server using the Primary WAN IP as a public (external)
address. WAN Access to the Web GUI should be disabled, or the
port values should be changed from their defaults if a Public Web
Server is being configured on the Primary WAN IP.
1. Create 'myWebServer_private' assigned to LAN Zone for Host
192.168.168.80.
      The address object will be created and named
      serverName_private, and will be assigned to the correct Zone
      as determined by the address provided.

2. Reuse 'WAN Primary IP' address object assigned to WAN Zone for
10.50.165.11.
      If the IP provided is that of the WAN interface, the WAN
      Primary IP object will be reused, otherwise a new object will
      be created and named serverName_public, assigned to the WAN
      Zone.

Server Service Group Object

1. Create 'myWebServer_services' with HTTP and HTTPS Services.
      Rather than creating individual NAT policies and Access Rules
      for each service, a single service group, named
      serverName_services, will be created. The administrator can
      then add additional services to this group to easily enable
      more public service accessibility.

Server NAT Policies

1. Create Server NAT Policy to rewrite packets to original
destination 'WAN Primary IP' to translated destination
'myWebServer_private' for Service Group 'myWebServer_services'.
      A NAT rule is created allowing hosts on the Internet
      (WAN→Zone) to reach the public server by translating from the
      Public IP object to the Private IP object for the appropriate
      services.

2. Create Loopback NAT Policy to allow access from all internal
zones to the server at public IP address 10.50.165.11.
      Solving one of the more prevalent issues with SonicOS
      Enhanced, a Loopback NAT policy will be created, allowing the
      new Address Object “Firewalled Subnets” (inclusive of all
      existing non-WAN subnets) to reach the Public Server via its
      public (external) address. No NAT Policy is necessary to allow
      access from the “Firewalled Subnets” via the private
      (internal) address.

Server Access Rules

1. WAN > LAN - Allow 'Any' to 'WAN Primary IP' for Service Group
'myWebServer_services'.
      An Access Rule is created allowing access from the WAN→Zone
      (e.g. LAN) via the appropriate Public IP Address Object (in
      this case, the WAN Primary IP) for the required services
      group.

Similar rules will be created from all lower security zones to the
LAN zone.
      If the Public Server resides on a Trusted Zone instance (e.g.
      the LAN), Access Rules will be created as needed to allow
      LAN→LAN and DMZ→LAN access. If the Public Server resides on a
      Public Zone instance (e.g. the DMZ), Access Rules will be
      created as needed to allow DMZ→DMZ access; Trusted Zones will
      have access to Public Zones by default.
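
The wizard's decisions described above, modelled as an added Python example for reviewing what a given set of answers will expose before clicking “Apply”. It is not SonicOS code or configuration syntax; the function name, the dictionary layout, the 'Any' source on the inbound NAT policy and the default Web GUI ports 80/443 are assumptions.

```python
# Added example: models the objects the Public Server Wizard creates, as described
# above. Names and data structures are hypothetical, not SonicOS configuration syntax.
from ipaddress import ip_address

PREDEFINED = {  # server types and TCP ports listed on the wizard's first page
    "web": {"HTTP": 80, "HTTPS": 443},
    "ftp": {"FTP": 21},
    "mail": {"SMTP": 25, "POP3": 110, "IMAP": 143},
    "terminal": {"MS RDP": 3389, "Citrix ICA": 1494},
}

def plan_public_server(name, kind, private_ip, public_ip, wan_primary_ip,
                       server_zone="LAN", trusted=True, selected=None,
                       wan_gui_ports=(80, 443)):  # assumed GUI ports; () if WAN GUI access is off
    services = {s: p for s, p in PREDEFINED[kind].items()
                if selected is None or s in selected}
    if not services:
        raise ValueError("at least one service must be selected")
    private_obj, group = f"{name}_private", f"{name}_services"
    # Reuse 'WAN Primary IP' only when the public address is the WAN interface's own.
    on_primary = ip_address(public_ip) == ip_address(wan_primary_ip)
    public_obj = "WAN Primary IP" if on_primary else f"{name}_public"
    objects = {private_obj: (private_ip, server_zone)}
    if not on_primary:
        objects[public_obj] = (public_ip, "WAN")
    nat = [  # inbound policy; the 'Any' source is an assumption (page: "hosts on the Internet")
        {"src": "Any", "orig_dst": public_obj, "xlat_dst": private_obj, "svc": group},
        # Loopback policy: internal subnets reach the server by its public address.
        {"src": "Firewalled Subnets", "orig_dst": public_obj,
         "xlat_dst": private_obj, "svc": group},
    ]
    rules = [("WAN", server_zone)]
    # Trusted server zone: LAN->LAN and DMZ->LAN; public server zone: DMZ->DMZ only.
    rules += [("LAN", server_zone), ("DMZ", server_zone)] if trusted else [(server_zone, server_zone)]
    # Ports where WAN access to the Web GUI would take precedence over the public server.
    shadowed = sorted(p for p in services.values() if on_primary and p in wan_gui_ports)
    return {"objects": objects, "service_group": {group: services},
            "nat": nat, "access_rules": rules, "shadowed_ports": shadowed}
```

A non-empty "shadowed_ports" list corresponds to the case in the Notes above: disable WAN Access to the Web GUI or move it off its default ports before publishing the server on the Primary WAN IP.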
Clicking “Apply” will show the animated progress screen while the
settings are applied, followed by the final summary screen: