Solved

How to set up SonicWALL SOHO's port forward

Posted on 2004-08-06
Last Modified: 2013-11-21
I have a SonicWALL SOHO3 firewall as NAT and a terminal services server (192.168.0.250) inside this firewall. I'd like to TS to my TS server in my home. Is it possible to set up SonicWALL's port forward feature, and how?
Question by:mxh778872
 
LVL 6

Accepted Solution

by:
vand earned 125 total points
You will need to add a service and a rule:

From the Admin guide:

Add Service
To add a service not listed in the Services window, click Access on the left side of the browser
window, and then click the Add Service tab.
The list on the right side of the window displays the services that are currently defined. These
services also appear in the Services window.
Two numbers appear in brackets next to each service. The first number indicates the service's IP
port number. The second number indicates the IP protocol type (6 for TCP, 17 for UDP, or 1 for
ICMP).
Tip There can be multiple entries with the same name. For example, the default configuration has
two entries labeled “Name Service (DNS)” for UDP port 53 and TCP port 53. Multiple entries with
the same name are grouped together, and are treated as a single service. Up to 128 entries are
supported.

Add a Known Service
1. Select the name of the service you want to add from the Add a known service list.
2. Click Add. The new service appears in the list box on the right side of the browser window. Note
that some services add more than one entry to the list.

Add a Custom Service
1. Select [Custom Service] from the Add a known service list.
2. Type a unique name, such as “CC:mail” or “Quake” in the Name field.
3. Enter the beginning number of the IP port range and ending number of the IP port range in the
Port Range fields. If the service only requires one IP port, enter the single port number in both
Port Range fields.
Tip Visit <http://www.ietf.org/rfc/rfc1700.txt> for a list of IP port numbers.
Network Access Rules Page 131
4. Select the IP protocol type, TCP, UDP or ICMP, from the Protocol list.
5. Click Add. The new service appears in the list on the right side of the browser window.
Tip If multiple entries with the same name are created, they are grouped together as a single service
and can not function as expected.

Add A New Rule
1. Click Add New Rule... in the Rules window to open the Add Rule window.
2. Select Allow or Deny in the Action list depending upon whether the rule is intended to permit or
block IP traffic.
3. Select the name of the service affected by the Rule from the Service list. If the service is not
listed, you must define the service in the Add Service window. The Default service encompasses
all IP services.
4. Select the source of the traffic affected by the rule, either LAN or WAN, *(both), from the Source
Ethernet menu.
If you want to define the source IP addresses that are affected by the rule, such as restricting
certain users from accessing the Internet, enter the starting IP addresses of the address range
in the Addr Range Begin field and the ending IP address in the Addr Range End field. To include
all IP addresses, enter * in the Addr Range Begin field.
5. Select the destination of the traffic affected by the rule, either LAN or WAN or *, from the
Destination Ethernet menu.
If you want to define the destination IP addresses that are affected by the rule, for example, to
allow inbound Web access to several Web servers on your LAN, enter the starting IP addresses
of the address range in the Addr Range Begin field and the ending IP address in the Addr Range
End field. To include all IP addresses, enter * in the Addr Range Begin field.
6. Select always from the Apply this rule menu if the rule is always in effect.
7. Select from the Apply this rule to define the specific time and day of week to enforce the rule.
Enter the time of day (in 24-hour format) to begin and end enforcement. Then select the day of
the week to begin and end enforcement.
Tip If you want to enable the rule at different times depending on the day of the week, make
additional rules for each time period.
8. If you would like for the rule to timeout after a period of inactivity, set the amount of time, in
minutes, in the Inactivity Timeout in Minutes field. The default value is 5 minutes.
9. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into
fragments before they are routed over the Internet and then reassembled at a destination host.
Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks
fragmented packets by default. You can override the default configuration to allow fragmented
packets over PPTP or IPSec.
10. Enable Bandwidth Management, and enter the Guaranteed Bandwidth in Kbps.
11. Enter the maximum amount of bandwidth available to the Rule at any time in the Maximum
Bandwidth field. Assign a priority from 0 (highest) to 7 (lowest).
12. Click Update. Once the SonicWALL has been updated, the new rule appears in the list of Current
Network Access Rules.
Tip Although custom rules can be created that allow inbound IP traffic, the SonicWALL does not
disable protection from Denial of Service attacks, such as the SYN Flood and Ping of Death attacks.
For example, to configure the SonicWALL to allow Internet traffic to your Web server with an IP
address of 208.5.5.5 (Standard mode), create the following rule:
1. Verify that HTTP has been added as a Service as outlined previously.
2. Click the Rules tab, and click Add New Rule....
3. Select Allow, then Web (HTTP) from the Service menu.
4. Select WAN from the Ethernet Source menu, and leave the Addr Range Begin and Addr Range
End as they appear.
5. Select LAN from the Ethernet Destination menu, and enter in the IP address of the Web server,
208.5.5.5 in the Addr Range Begin field. No IP address is added in the Addr Range End since
the destination is not a range of IP addresses.
6. Select always from the Apply this rule menu.
7. Enter a value (in minutes) in the Activity Timeout in Minutes field.
8. Do not select the Allow Fragmented Packets check box.
Page 136 SonicWALL Internet Security Appliance Administrator’s Guide
9. If you want the Rule to have guaranteed bandwidth, select Enable Outbound Bandwidth
Management, and enter values for Guaranteed Bandwidth, Maximum Bandwidth, and
Bandwidth Priority.
10. Click Update to add the rule to the SonicWALL.
Tip The source part (WAN or LAN) can be limited to certain parts of the Internet using a range of IP
addresses on the WAN or LAN. For example, the following rule can be used to configure the same
Web server to be only visible from a single C class subnet on the Internet: Allow HTTP, Source WAN
216.77.88.1 - 216.77.88.254, Destination LAN 208.5.5.5.

Add New Rule Examples
The following examples illustrate methods for creating Network Access Rules.

Blocking LAN Access for Specific Services
This example shows how to block LAN access to NNTP servers on the Internet during business
hours.
1. Click Add New Rule in the Rules window to launch the Add Network Access Rule Web browser
window.
2. Select Deny from the Action menu.
3. Select NNTP from the Service menu. If the service is not listed, you must add it in
the Add Service window.
4. Select LAN from the Source Ethernet menu.
5. Since all computers on the LAN are to be affected, enter * in the Source Addr Range Begin field.
6. Select WAN from the Destination Ethernet menu.
7. Enter * in the Destination Addr Range Begin field to block access to all NNTP servers.
8. Select Apply this rule "from" to configure the time of enforcement.
9. Enter "8:30" and "17:30" in the hour fields.
10. Select Mon to Fri from the menu.
11. Click Update to add your new Rule.

Enabling Ping
By default, your SonicWALL does not respond to ping requests from the Internet. This Rule allows
ping requests from your ISP servers to your SonicWALL.
1. Click Add New Rule in the Rules window to launch the "Add Network Access Rule" window.
2. Select Allow from the Action menu.
3. Select Ping from the Service menu.
4. Select WAN from the Source Ethernet menu.
5. Enter the starting IP address of the ISP network in the Source Addr Range Begin field and the
ending IP address of the ISP network in the Source Addr Range End field.
6. Select LAN from the Destination Ethernet menu.
7. Since the intent is to allow a ping only to the SonicWALL, enter the SonicWALL LAN IP Address
in the Destination Addr Range Begin field.
8. Select Always from the Apply this rule menu to ensure continuous enforcement.
9. Click Update to add your new Rule.

Hope this helps
0
 
LVL 17

Expert Comment

by:Microtech
0
 
LVL 6

Expert Comment

by:vand
BTW It is port 3389 for TS
0
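
Added example (not part of the original thread or the SonicWALL guide): a small Python model of the Add Service and Add New Rule fields quoted above, applied to the Terminal Services forward to 192.168.0.250 on TCP 3389. It shows the effect of the guide's source-range tip: a rule with * as the WAN source admits any Internet address, while a rule scoped to one address does not. The first-match evaluation order, the default deny, and the address 203.0.113.10 (standing in for the home connection) are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address

TCP = 6  # second bracketed number in the Services list: 6 TCP, 17 UDP, 1 ICMP

@dataclass(frozen=True)
class Service:
    name: str
    port_begin: int
    port_end: int
    protocol: int

@dataclass(frozen=True)
class Rule:
    action: str      # "Allow" or "Deny"
    service: Service
    src_if: str      # Source Ethernet: "LAN", "WAN" or "*"
    src_begin: str   # Addr Range Begin; "*" includes all addresses
    src_end: str     # Addr Range End; "" for "*" or a single host
    dst_if: str      # Destination Ethernet
    dst_begin: str
    dst_end: str = ""

def in_range(addr, begin, end):
    """True if addr lies in begin..end; an empty end means a single host."""
    if begin == "*":
        return True
    lo = ip_address(begin)
    hi = ip_address(end) if end else lo
    return lo <= ip_address(addr) <= hi

def decide(rules, src_if, src, dst_if, dst, port, protocol):
    """Action of the first matching rule (list order is a simplification of
    this model); traffic that matches no rule is treated as denied."""
    for r in rules:
        s = r.service
        if (r.src_if in ("*", src_if) and r.dst_if in ("*", dst_if)
                and s.protocol == protocol and s.port_begin <= port <= s.port_end
                and in_range(src, r.src_begin, r.src_end)
                and in_range(dst, r.dst_begin, r.dst_end)):
            return r.action
    return "Deny"

def open_to_any_wan_source(rules):
    """Audit helper: Allow rules reachable from every Internet address."""
    return [r for r in rules
            if r.action == "Allow" and r.src_if in ("*", "WAN") and r.src_begin == "*"]

TS = Service("Terminal Services", 3389, 3389, TCP)  # custom service, port from the thread
TS_HOST = "192.168.0.250"                           # TS server from the question
open_rule = Rule("Allow", TS, "WAN", "*", "", "LAN", TS_HOST)
# Constructed sample: 203.0.113.10 stands in for the home connection's address.
scoped_rule = Rule("Allow", TS, "WAN", "203.0.113.10", "", "LAN", TS_HOST)
```

Running open_to_any_wan_source over a rule list gives a quick inventory of forwards that are exposed to the whole Internet and are candidates for a source range.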
