What do I need to do in order to enable remote HTTPS management of a SonicWall NSA3500
I am trying to make a few changes on a firewall by connecting remotely to a desktop at work. I need to do a change that I think may reset and change the LAN interface.... I am worried about being kicked out and having to travel to work to reset it.
The WAN interface doesn't need any change, so, I want to try to enable remote management from my IP, but, I am not having any luck.
Network > Interfaces, the HTTP and HTTPS box is checked for WAN...
...and also when I go to
Firewall > Access Rules > Wan/Wan I see an automatically created rule for
Now, to diagnose, I had a constant running ping... When I either disabled ping under interfaces, or, changed the source away from any under firewall, the ping stopped.... so I am sure that this is where I need to make the change... However, I just can't seem to connect via SSH/HTTP/HTTPS...
All I can think of is that the WAN port is not a trusted interface, but, surely by enabling management, I overwrite that setting? ... Is there something hidden somewhere I need to do to enable remote management?
Hmm, I don't have 150 reputation, so, I can't create tags :( management is the only one I can think of that already exists
If you have enabled HTTPS on the interface and still have the default allow any firewall rule for the HTTPS management service then remote management should be configured.
If you have enabled the SSLVPN you will probably have changed the management port to something else... generally 8443 but you can check this in the System -> Administration menu. You should see the port setting in the HTTPS administration port setting.
If it's not working then check that you are trying to connect to the correct IP address. You need to connect to the interface IP address.
Also check the logs of the firewall after trying to login. If it's being denied it should tell you and hopefully give a useful reason why. If you still have problems please post the logs and I will have a look.
SSL VPN is disabled (and configured to port 4433) :( I do have a NAT rule for HTTP, but, nothing for HTTPS... And it is the correct IP... This has stumped and is annoying me :( I think I may quickly try to bounce the box.... Thanks for trying, but, I don't suppose you have any other hints? (FYI, Logs don't show anything... I'm just not getting anything when trying to connect).
OK can you try and add a NAT rule for HTTPS. Go to your NAT policies and select the "default policies" radio button. There should be an auto generated NAT rule that you CANNOT delete so it should be there. If it's not, try to add it. Copy the rule that's in use for HTTP.
Also have you tested the HTTP or SSH management to see if they do work? I wouldn't recommend using HTTP but just see if you can get the login page.
Ping is the only one that works... I can't log in via SSH remotely and SNMP isn't configured... Since restarting the box, I am now seeing "TCP connection Dropped" in log when going to HTTP and Web Access Request Dropped when going to https... Going to investigate quickly.
Hmm... I reset statistics and hovering over the allow WAN > WAN https rule shows that it goes up whenever I refresh the page, but, nothing comes through and I see the connection drop in the log :( Any hints!? This has really confused me.
What's the current status of the NAT for HTTPS management and are there any hits against it? What events are you seeing in the logs?
Thanks so much for your help... Got it working now, see my answer for info.
Finally sorted - Changed the WAN IP/subnet.
Detailed answer for the people who are interested or want to know...
The problem lies in the fact that my ISP uses a /31 subnet. When we first set up the Sonicwall, it did not allow us to apply this ip as a static ip as it came up with a configuration error.
I brought this to the attention of SonicWall/Dell and after fighting with them for so long that I was not trying to apply a broadcast IP/network IP to the interface and showed them RFC 3021, they finally gave in that the firewall does not support it.
Anyway, that was almost (if not longer than) a year ago and we managed to do a workaround in that it applied the /31 fine via DHCP... and, everything worked great - until I wanted to do remote management!
GerryEgan was very helpful, but, after he finished trying to help, I noticed that my computer was transmitting to the SonicWall but not receiving anything back - however the statistics on the SonicWall for TX on the HTTPS rule were going up and RX remained still.
I just had an idea that maybe this /31 subnet goes much deeper in the firewall and after changing the subnet from /31 to /30, I confirmed everything worked fine - so confirmed that the issue is due to SonicWall not supporting /31 subnets - even if it successfully applies via DHCP.
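The /31 versus /30 difference described in the answer above, as an added example that is not part of the original post: it compares how an interface address is classified under the classic rule (first address is the network, last is the broadcast) and under RFC 3021. It assumes a legacy stack that applies the classic rule to every prefix, uses constructed documentation addresses from 192.0.2.0/24, and the function names are hypothetical.

```python
import ipaddress


def classify_classic(iface):
    """Role of an IPv4 interface address under pre-RFC 3021 rules.

    Assumption: the legacy stack reserves the first and last address
    of every subnet shorter than /32, including a /31.
    """
    ifc = ipaddress.ip_interface(iface)
    net = ifc.network
    if net.prefixlen == 32:
        return "host"
    if ifc.ip == net.network_address:
        return "network"
    if ifc.ip == net.broadcast_address:
        return "broadcast"
    return "host"


def classify_rfc3021(iface):
    """Role of the same address when RFC 3021 is honoured."""
    ifc = ipaddress.ip_interface(iface)
    if ifc.network.prefixlen == 31:
        # RFC 3021: both addresses of a point-to-point /31 are hosts.
        return "host"
    return classify_classic(iface)


def usable_hosts(cidr, rfc3021):
    """Addresses in the subnet that the chosen rule accepts as hosts."""
    net = ipaddress.ip_network(cidr, strict=False)
    classify = classify_rfc3021 if rfc3021 else classify_classic
    return [str(a) for a in net
            if classify(f"{a}/{net.prefixlen}") == "host"]


if __name__ == "__main__":
    # Constructed sample subnets (TEST-NET-1), not the poster's addresses.
    for cidr in ("192.0.2.0/31", "192.0.2.0/30"):
        print(cidr)
        print("  classic rule :", usable_hosts(cidr, rfc3021=False))
        print("  RFC 3021 rule:", usable_hosts(cidr, rfc3021=True))
```

Under the classic rule a /31 has no address left to act as a host, while the /30 keeps two, which is why widening the prefix sidesteps a device that lacks RFC 3021 support.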