I am having trouble sharing files between my LAN and WLAN with a SonicWall TZW firewall


Does anyone have any suggestions on how I can get a TZW to share files?
I can ping between my LAN -> WLAN and WLAN -> LAN.
I have a rule set for LAN -> WLAN NETBIOS allow
I have a rule set for WLAN -> LAN NETBIOS allow
I have a rule set for LAN -> WLAN DNS allow
I have a rule set for WLAN -> LAN DNS allow

I have a check mark in Windows Networking (NetBIOS) Broadcast Pass Through From WLAN to LAN

In Predefined Services I have
Name Service (DNS) 53 53 TCP
Name Service (DNS) 53 53 UDP
NetBios 137 137 TCP
NetBios 137 137 UDP
NetBios 138 138 TCP
NetBios 138 138 UDP
NetBios 139 139 TCP
NetBios 139 139 UDP

I don't have a WINS server. I do have all PC's in Lmhosts. I can't
see other PC's in Network Neighborhood. A search fails when I search
on name. If I try to open a different PC from the run command with
\\ it fails WLAN -> LAN.  If I run the same from WLAN -> WLAN it works fine \\

I have run a test on the ports and here are the results:
137/tcp    open        netbios-ns              
138/tcp    open        netbios-dgm            
139/tcp    open        netbios-ssn  
445/tcp    open        microsoft-ds            

Any Ideas?
CajunBill Commented:
Yes, I have some Sonicwalls of my own - but not that model.
Anyway, the Sonicwall is not simply a switch, but instead a firewall, as you know.

In order to make the subnets communicate as you have been trying to do,
you may need to set up VPNs between the hardwired and wireless lans.
That's because they are on different network numbers, and this type of Windows traffic does not normally go between networks.
But before that will work for you, the Network Neighborhood must work within the subnets.
After that you can try to make it work between subnets.

You probably need to open up some more ports.
The simplest thing (and of course the least secure) would be to open all ports between the hardwired and wireless lans.
But it may be that all you need is to allow something like SMB in both directions.
More information would be very helpful.
What is the IP number of the computers?
What is the WAN address? Are other computers using the same router?
Are all computers on the same LAN?

wlan->lan with address shouldn't be possible. It's reserved for internal lan, like
You mention and, these are by default not in the same network.
It looks like one of them is on your wireless lan and the other on the hardwired lan.
If so, does the Sonicwall force you to assign different networks to the lan and wlan?
You could have better luck if both the lan and wlan have the same network number.

You say you cannot see other PCs in network neighborhood.
As a start, you should be able to see at least all the PCs on the hardwired lan from any PC on that lan,
and all PCs on the wireless lan from any PC on the wireless lan.
If you cannot do that then you need to solve that first, before worrying about seeing PCs on the other side of the Sonicwall.

Let us know what the status is!
docfxit (Author) Commented:
Hi  Dragonmen,

To answer your questions:
I will keep this as simple as possible.
The WAN address is
One WLAN address is
One LAN address is 192.168.1.113
It is mandatory in a SonicWall TZW that each have their own sub domain.  It won't communicate if they aren't on a different sub domain.
The FireWall and Router are all one hardware box called a SonicWall TZW.
Some computers are on the LAN and some computers are on the WLAN.
The SonicWall is supposed to create the link between sub domains.  That is where my need is in knowing how to configure the SonicWall.

Hi CajunBill,

You are correct.  SonicWall does that mandatory and on purpose so they start with all ports closed.  I need to figure out how to open up the correct ports.
It seems to me also that I should be able to see all  PC's on the LAN from the LAN 192.168.1.xxx
And all PC's on the WLAN from any other PC's on the WLAN 192.168.2.xxx
And because I have rules saying all PC's on the WLAN should pass ports 137-139 & 445 to the   LAN.
And because I have rules saying all PC's on the    LAN should pass ports 137-139 & 445 to the WLAN.
I should be able to see all PC's on both sub domains.

If you know the SonicWall this should be a piece of cake to solve.
If you know networking you should be able to tell me what ports need to be passed to get this working.
If you know how NETBios works this should be a piece of cake to figure out.

I am obviously not doing something correctly.
NetBIOS uses ports 137-139. You also want to enable ICMP, and it doesn't really matter though, since I'm guessing that all the computers are connected through the same switch on the router.

First off, ping the IPs of each comp.

Start, Run, type command, hit Enter. A black box comes up; type ping or whatever the IP is.

Get a reply?
Is there a firewall on the comp you're pinging?
It might block the ping.

Also from the command prompt try this:

route -p add othercompIP yourCompIP

It will add to your routing tables.
Not really necessary.

Do this: Start, Run, \\ipaddress. Do you see any shares?
Try this as well: Start, Run, command, hit Enter,
type in net view \\ipaddress

can you see anything

networking is networking, no matter what the device
docfxit (Author) Commented:
Hi jjk16,

Your statement of "networking is networking, no matter what the device" is correct.  I agree.  How the OS or in this case the firewall is the unknown.  Your suggestions to test each component of the network is excellent.  As you will see in a moment (since I figured it out) sometimes it helps to know the equipment.  I definitely don't profess to know or understand this box.  And since I have been on the phone with SonicWall Tech Support with 1st level (India), 2nd level (India) and 3rd level (AZ) they don't seem to know the box either.

Hi CajunBill,

It sounds like you understand more about SonicWall firewalls.  I think you were actually on the right track.  The difference between other models and this one is this one has one more layer.  Yours probably has a WAN and a LAN on two different subnets.  This one has a built in Wireless also so there are other wireless areas that make this more complicated.

I did setup VPN's between the Wireless and the SonicWall.  I experienced a problem trying to pass remote printer information on port 515.  It wouldn't work through the SonicWall VPN client.  When I turned off the VPN and WiFiSec Enforcement port 515 started working.    I'm waiting for a call from 3rd level as to the solution.  I did turn on "Enable MAC Filter List" so no one else can get into my wireless but it doesn't protect any sensitive information.  To answer your next question, I don't know how to turn on all ports.  If I did that would certainly be a good way to find out if  the problem is with the firewall or not.   I also don't know what SMB is.  I don't have an option in the firewall that says SMB.  Maybe there is another name for it?

I have figured out what the problem was.  One of the support techs had me add a rule to the firewall  Allow WLAN -> LAN  Any.    Which means open any (and all) ports from WLAN -> LAN.
As soon as I turned that rule off I was able to search (and find) the PC's from the wireless to the LAN.  I know it sounds crazy but I have also found other rules that conflict and cause problems.  I don't know how long this firewall has been around but as far as I am concerned they don't have the bugs out yet.

Thanks for your help.
Ok, for the port allowing you need to enable ports 137-139 for the netbios and port 445 for ms-ds.
For the routing to function you should use your firewall as a gateway.
Did some of this help?
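
As an added example (not part of the original thread and not SonicWall tooling): the port list from the answers above, turned into a small audit of zone-to-zone allow rules. The rule rows are constructed sample data modelled on the rules described in the question; the tuple layout and the `audit` function are assumptions for illustration.

```python
# Added example: compare zone-to-zone allow rules with the transport/port
# pairs Windows file sharing commonly uses. All rule rows are constructed.

REQUIRED = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service (SMB over NetBIOS)",
    ("tcp", 445): "microsoft-ds (SMB directly over TCP)",
}

# Hypothetical layout: (src_zone, dst_zone, proto, low_port, high_port)
SAMPLE_RULES = [
    ("WLAN", "LAN", "tcp", 137, 139),
    ("WLAN", "LAN", "udp", 137, 139),
    ("WLAN", "LAN", "udp", 53, 53),
    ("LAN", "WLAN", "tcp", 137, 139),
    ("LAN", "WLAN", "udp", 137, 139),
    ("LAN", "WLAN", "any", 0, 65535),   # the kind of catch-all the thread removed
]

def audit(rules, src, dst):
    """Return (missing, extra, broad) for traffic from zone src to zone dst.

    missing: required pairs that no specific rule allows
    extra:   NetBIOS/SMB-range pairs allowed but not in REQUIRED
    broad:   catch-all "any" rules, reported separately from specific ones
    """
    active = [r for r in rules if r[0] == src and r[1] == dst]
    broad = [r for r in active if r[2] == "any"]
    narrow = [r for r in active if r[2] != "any"]

    def covered(proto, port):
        return any(p == proto and lo <= port <= hi
                   for _, _, p, lo, hi in narrow)

    missing = sorted(k for k in REQUIRED if not covered(*k))
    extra = sorted((p, n) for p in ("tcp", "udp") for n in (137, 138, 139, 445)
                   if covered(p, n) and (p, n) not in REQUIRED)
    return missing, extra, broad

if __name__ == "__main__":
    for src, dst in (("WLAN", "LAN"), ("LAN", "WLAN")):
        missing, extra, broad = audit(SAMPLE_RULES, src, dst)
        print(f"{src} -> {dst}")
        for key in missing:
            print(f"  missing {key[0]}/{key[1]}: {REQUIRED[key]}")
        for proto, port in extra:
            print(f"  allowed but not required: {proto}/{port}")
        for rule in broad:
            print(f"  catch-all rule wider than file sharing needs: {rule}")
```
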