Question

How to setup SonicWALL SOHO's port forward

Asked by: mxh778872

I have a SonicWALL SOHO3 firewall as NAT and a terminal services server(192.168.0.250) inside this firewall, I'd like to TS to my TS server in my home. Is it possible to setup SonicWALL's port forward feature and how to?

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-08-06 at 06:45:02ID21084734
Tags

soho3

,

sonicwall

Topics

Miscellaneous Networking

,

Networking Hardware Firewalls

,

Remote Desktop/Terminal Services

Participating Experts
2
Points
125
Comments
3

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. SOHO Sonicwall at Terminal Services
    I'm trying to setup Terminal Services through a SOHO firewall. I setup a service named "Terminal Services" on TCP Port 3389 I then setup a rule with the following attributes: 1. Allow 2. Service name "Terminal Services" 3. Source = WAN 4. Destination = L...
  2. SonicWall to Sonicwal VPN.....Blocked?
    This is kind of strange....At our main office we run a sonicwall Pro-VX. One of my users wanted a VPN connection setup at his house, so I took his laptop, his little Linksys router/switch, and his SonicWall Tele3 (Thisis a box to box VPN) to my house and configured everythin...
  3. Sonicwal, I need to setup a port forwarder for my OWA...
    I have resently installed a new Barracuda SPAM device that sits in front of our exchange server. the packet flow is as follows: Email flows to our firewall on the MX record IP address. The firewall has a 1:1 NAT directing smtp traffic inside to our Barracuda box and the ba...
  4. Windows 2003 R2, Terminal server, SQL Server, S…
    I have two Dell servers 2950 and 1950 with 4 GB ram and RAID5 with Windows 2003 R2. I would like to configure the PE2950 as a SQL server, the PE1950 as Terminal Server (application Mode) and installed the 3rd party software (monitoring). About 15 users connect to it and run t...
  5. Cisco ASA 5510 Problem to sonicwal pro1260
    Hello experts, hope you can help I have a cisco asa5510 with multiple lan to lan vpn's configured (terminating on a mixture of cisco 837, 877 and pix 501) I also have a single lan to lan vpn terminating on a sonicwall pro 1260, this vpn does not come up, it fails phase 1, lo...
  6. Sonicwal change IP
    Hello there - Office moved to another location. ATT saying we need to change the IP in Sonicwall to reflect the new gateway. I asked to bypass. They tried but no aval. Users cannot access Internet. So few questions: - Is there a way to access the sonicwall if no one kn...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: vandPosted on 2004-08-06 at 07:31:44ID: 11735895

You will need to add a service and a rule:

From the Admin guide:

Add Service
To add a service not listed in the Services window, click Access on the left side of the browser
window, and then click the Add Service tab.
The list on the right side of the window displays the services that are currently defined. These
services also appear in the Services window.
Two numbers appear in brackets next to each service. The first number indicates the service's IP
port number. The second number indicates the IP protocol type (6 for TCP, 17 for UDP, or 1 for
ICMP).
Tip There can be multiple entries with the same name. For example, the default configuration has
two entries labeled “Name Service (DNS)” for UDP port 53 and TCP port 53. Multiple entries with
the same name are grouped together, and are treated as a single service. Up to 128 entries are
supported.
Add a Known Service
1. Select the name of the service you want to add from the Add a known service list.
2. Click Add. The new service appears in the list box on the right side of the browser window. Note
that some services add more than one entry to the list.
Add a Custom Service
1. Select [Custom Service] from the Add a known service list.
2. Type a unique name, such as “CC:mail” or “Quake” in the Name field.
3. Enter the beginning number of the IP port range and ending number of the IP port range in the
Port Range fields. If the service only requires one IP port, enter the single port number in both
Port Range fields.
Tip Visit <http://www.ietf.org/rfc/rfc1700.txt> for a list of IP port numbers.
Network Access Rules Page 131
4. Select the IP protocol type, TCP, UDP or ICMP, from the Protocol list.
5. Click Add. The new service appears in the list on the right side of the browser window.
Tip If multiple entries with the same name are created, they are grouped together as a single service
and can not function as expected.

Add A New Rule
1. Click Add New Rule... in the Rules window to open the Add Rule window.
2. Select Allow or Deny in the Action list depending upon whether the rule is intended to permit or
block IP traffic.
3. Select the name of the service affected by the Rule from the Service list. If the service is not
listed, you must define the service in the Add Service window. The Default service encompasses
all IP services.
4. Select the source of the traffic affected by the rule, either LAN or WAN, *(both), from the Source
Ethernet menu.
If you want to define the source IP addresses that are affected by the rule, such as restricting
certain users from accessing the Internet, enter the starting IP addresses of the address range
in the Addr Range Begin field and the ending IP address in the Addr Range End field. To include
all IP addresses, enter * in the Addr Range Begin field.
5. Select the destination of the traffic affected by the rule, either LAN or WAN or *, from the
Destination Ethernet menu.
If you want to define the destination IP addresses that are affected by the rule, for example, to
allow inbound Web access to several Web servers on your LAN, enter the starting IP addresses
of the address range in the Addr Range Begin field and the ending IP address in the Addr Range
End field. To include all IP addresses, enter * in the Addr Range Begin field.
6. Select always from the Apply this rule menu if the rule is always in effect.
7. Select from the Apply this rule to define the specific time and day of week to enforce the rule.
Enter the time of day (in 24-hour format) to begin and end enforcement. Then select the day of
the week to begin and end enforcement.
Tip If you want to enable the rule at different times depending on the day of the week, make
additional rules for each time period.
8. If you would like for the rule to timeout after a period of inactivity, set the amount of time, in
minutes, in the Inactivity Timeout in Minutes field. The default value is 5 minutes.
Network Access Rules Page 135
9. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into
fragments before they are routed over the Internet and then reassembled at a destination host.
Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks
fragmented packets by default. You can override the default configuration to allow fragmented
packets over PPTP or IPSec.
10. Enable Bandwidth Management, and enter the Guaranteed Bandwidth in Kbps.
11. Enter the maximum amount of bandwidth available to the Rule at any time in the Maximum
Bandwidth field. Assign a priority from 0 (highest) to 7 (lowest).
12. Click Update. Once the SonicWALL has been updated, the new rule appears in the list of Current
Network Access Rules.
Tip Although custom rules can be created that allow inbound IP traffic, the SonicWALL does not
disable protection from Denial of Service attacks, such as the SYN Flood and Ping of Death attacks.
For example, to configure the SonicWALL to allow Internet traffic to your Web server with an IP
address of 208.5.5.5 (Standard mode), create the following rule:
1. Verify that HTTP has been added as a Service as outlined previously.
2. Click the Rules tab, and click Add New Rule....
3. Select Allow, then Web (HTTP) from the Service menu.
4. Select WAN from the Ethernet Source menu, and leave the Addr Range Begin and Addr Range
End as they appear.
5. Select LAN from the Ethernet Destination menu, and enter in the IP address of the Web server,
208.5.5.5 in the Addr Range Begin field. No IP address is added in the Addr Range End since
the destination is not a range of IP addresses.
6. Select always from the Apply this rule menu.
7. Enter a value (in minutes) in the Activity Timeout in Minutes field.
8. Do not select the Allow Fragmented Packets check box.
Page 136 SonicWALL Internet Security Appliance Administrator’s Guide
9. If you want the Rule to have guaranteed bandwidth, select Enable Outbound Bandwidth
Management, and enter values for Guaranteed Bandwidth, Maximum Bandwidth, and
Bandwidth Priority.
10. Click Update to add the rule to the SonicWALL.
Tip The source part (WAN or LAN) can be limited to certain parts of the Internet using a range of IP
addresses on the WAN or LAN. For example, the following rule can be used to configure the same
Web server to be only visible from a single C class subnet on the Internet: Allow HTTP, Source WAN
216.77.88.1 - 216.77.88.254, Destination LAN 208.5.5.5.
Add New Rule Examples
The following examples illustrate methods for creating Network Access Rules.
Blocking LAN Access for Specific Services
This example shows how to block LAN access to NNTP servers on the Internet during business
hours.
1. Click Add New Rule in the Rules window to launch the Add Network Access Rule Web browser
window.
2. Select Deny from the Action menu.
3. Select NNTP from the Service menu. If the service is not listed in the list, you must to add it in
the Add Service window.
4. Select LAN from the Source Ethernet menu.
5. Since all computers on the LAN are to be affected, enter * in the Source Addr Range Begin field.
6. Select WAN from the Destination Ethernet menu.
7. Enter * in the Destination Addr Range Begin field to block access to all NNTP servers.
8. Select Apply this rule "from" to configure the time of enforcement.
9. Enter "8:30" and "17:30" in the hour fields.
10. Select Mon to Fri from the menu.
11. Click Update to add your new Rule.
Enabling Ping
By default, your SonicWALL does not respond to ping requests from the Internet. This Rule allows
ping requests from your ISP servers to your SonicWALL.
1. Click Add New Rule in the Rules window to launch the "Add Network Access Rule" window.
2. Select Allow from the Action menu.
3. Select Ping from the Service menu.
4. Select WAN from the Source Ethernet menu.
5. Enter the starting IP address of the ISP network in the Source Addr Range Begin field and the
ending IP address of the ISP network in the Source Addr Range End field.
6. Select LAN from the Destination Ethernet menu.
Network Access Rules Page 137
7. Since the intent is to allow a ping only to the SonicWALL, enter the SonicWALL LAN IP Address
in the Destination Addr Range Begin field.
8. Select Always from the Apply this rule menu to ensure continuous enforcement.
9. Click Update to add your new Rule.

Hope this helps

 

by: MicrotechPosted on 2004-08-06 at 07:32:12ID: 11735899

 

by: vandPosted on 2004-08-06 at 07:35:55ID: 11735937

BTW It is port 3389 for TS

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...