2 Replies Latest reply on May 30, 2015 10:08 PM by desktoporga_fba

    FM 14 and NAT

    desktoporga_fba

      We run several  FM-Servers behind a Sonicwall.

      To reach these different FM-Servers we have configured the Firewall to forward external Ports 50003 to server1, Port 50004 to server2, port 50005 to server3 and so on. Internal port is alway 5003 and it works fine with FM 13.  We have multifile-solutions.


      URL example for this construction is: fmp://server1.dto.de:50004/Menu_CustomerX.fmp12  to connect to "Menu_CustomerX.fmp12" on server2.


      FM 14 starts to connect as well with the file "Menu", opens some other files but then ist starts to ask for login-password for "Menu", to which I am already logged in - and worse - does not accept the login. So I get into a login loop, no way out.

       

      Workarround for us is using VPN, but we also offer this to our customers for temporary testings of their solution before deployment.

       

      Has anybody else experience with a similar construction?

        • 1. Re: FM 14 and NAT
          DrewTenenholz

          wwdto --

           

          One suggestion that comes to mind is to use multiple public IP addresses which have a one-to-one NAT translation to separate internal IP addresses.  That way, you don't need to try and muck with forwarding different ports on the same IP to different machines.  (Though that should be possible with a SonicWall as well.) 

           

          If you also pair my suggestion up with good DNS entries, you can then tell your customers to aim their client to server1.mydomain.tld and server2.mydomian.tld, etc.  which will probably be easier for them (and you) to remember.

           

          -- Drew Tenenholz

           

          P.S.  Assuming you have a relatively recent SonicWall and aren't doing anything crazy like running SonicOS 'classic'.  Look under Network > NAT Policies and set up something like:

           

          Orig. Source: Any

          Translated Source: Original

          Original Destination: (network address object referring to server 1 public IP)

          Translated Destination: (network address object referring to server 1 private IP)

          Original Service: Any (or FMPro service group object referring to the necessary port collection)

          Translated Service: Any

          Inbound Interface: (for me, this is X2 === DMZ)

          Outbound Interface: Any

          Tick the box for 'Enable NAT Policy'

          • 2. Re: FM 14 and NAT
            desktoporga_fba

            Hello Drew,

            thanks for your reply.

             

            Last year we moved with the company and had to change our internet-provider, so there is only one public IP-address available. We had 16 public IP-Adresses before, we had to give up them.

            - The SonicWall is up-to-date, and we have the maintenance contract with them.

            - We have already configured the rules for port-forwarding you recommend

            - we have working DNS-Entries

            - It still works fine with FM 13

             

            The changed element is FM 14 and it works no more.

             

            We have multifile-solution.s It is the first file that is opened (menu) that ask for Login again, during startup-procedure.

            I looked inside again and found some suspicious (double) externals datasource-entries I will check next.

            Maybe the trouble is inside of my solution.

             

            However - with FM13 it worked.