Opening ports on a Sonicwall NSA 2400 firewall for Ms Direct Access server 2012 RRS feed

  • Question

  • Can someone help with the step by step configuration of a sonicwall NSA 2400 firewall to allow Ms Direct Access please. I have gone through the sonicwall forums and have failed to get any help.

    Wednesday, March 20, 2013 10:31 PM

All replies

  • Hi,

    what OS version do you run? If you put the DA server behind the NAT-firewall only the least efficient protocol (IP-HTTPS) can be used for DA. If you want use IPSEC or Teredo the DA server must have configured public IP addresses. Here the article listing the firewall ports.

    Direct Access link collection -



    Tuesday, April 2, 2013 4:00 PM
  • Hi Lutz,

    Thanks for the response, the OS is Server 2012, thanks once again.

    Tuesday, April 2, 2013 6:36 PM
  • That is great. And you should be good to go. Let us know how it goes. Thank you, Lutz
    Wednesday, April 3, 2013 7:09 AM
  • The server configuration went well and the issue now is for the client to go through the sonicwall nsa 2400 firewall from outside.

    The client tries to connect and stays on connecting for ever.

    I am testing with a windows 8 client.

    Wednesday, April 3, 2013 10:06 AM
  • From external, not from the Windows 8 client, can you verify what certificate is installed on the DA server?
    e.g. open a web browser and go to https://URLofYourDAServer or use openssl s_client -connect URLofYourDAServer:443
    Thank you,
    • Proposed as answer by guruletz Friday, June 27, 2014 6:46 PM
    Wednesday, April 3, 2013 3:25 PM
  • Did you ever figure this out? I'm trying to get DA running and also getting stuck on the Sonicwall configuration
    Tuesday, October 15, 2013 8:41 AM

  • I can assist you getting this working with Sonicwall firewall. On your firewall, you will need to allow HTTPS (port443) inbound to your DA server. I have done this a couple times and working like a charm. MS Direct Access server  2012 and Sonicwall NSA 2400 with port 443 open going to DA.

    From your SonicWall NSA 2400, use the Wizard, choose Public Server>then Webserver> uncheck HTTP (TCP port 80) leaving HTTPS (TCP 443) checked, click next.


    • Edited by Orvalt1 Saturday, January 4, 2014 11:27 PM
    Saturday, January 4, 2014 11:14 PM
  • Hi Orvalt1

    I have a Sonicwall NSA3500 which im struggling to get DA working through.

    DA server is 2012R2 configured with one nic.

    Any help on this is much appreciated.


    Wednesday, July 30, 2014 8:29 PM
  • Did you ever figure this out? I'm having a similar issue. 

    Friday, March 3, 2017 1:46 PM