Solved

Sonicwall TZ 170 Port Forward issue

Posted on 2007-03-30
Last Modified: 2010-08-05
I have a Sonicwall TZ 170 wireless firewall running Standard OS.
The wireless side is configured for guest access only and works fine to access Internet only.

The LAN setup consists of 2 internal private IPs where one is let's say 10.10.100.10 for the Sonicwall LAN IP and another 10.10.100.11 which is connected to a Cisco router. The Cisco router in turn routes to the secondary LAN segment of 10.10.180.xxx where all the internal workstations reside.
All traffic from both the wireless network and the secondary LAN network can access the Internet fine but I cannot seem to get the RDP Port Forward working to reach the Terminal Server on the secondary LAN.
I have created a Static route on the Sonicwall to the secondary LAN and it is acknowledged when I use the Sonicwall diagnostics to find network path so it knows how to get there.
I have also created a rule to allow=any service=RDP (port 3389) source=* destination= LAN IP of the TServer, but it doesn't seem to work.

I only want to be able to allow RDP port 3389 in to a terminal server on the Secondary LAN side.
Can this be done without using the OPT port and having to get another Public IP assigned?

Thanks
Question by:edburg
8 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18831099
While you likely have done this, be sure to check your Access Rules for any DENY that may be affecting you.  In my experience with the TZ 170, a deny may overrule an allow, no matter what you do.  Also, be sure your secondary network isn't defined as WAN, while you're trying to route through LAN.

Author Comment

by:edburg
ID: 18831232
Thanks
The rules all look fine in that regard and the route is defined as LAN.
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18831811
Are you sure it's being blocked on the Sonicwall?  Turn all of your logs on in there and verify.

Author Comment

by:edburg
ID: 18832414
Well, a port scan doesn't reveal it as open or filtered as it does with the other common ports so I assumed that the Sonicwall device wasn't passing the RDP packets.
Let me refine the question again .... Sonicwall TZ 170 Standard OS
1) Do I require a 1-1 NAT in order to reach the Terminal Server on the LAN side and if so, can this be done with just the main Public IP that is assigned to the Sonicwall WAN interface?
2) In order to have this work do I need to have both a 1-1 NAT setup and a specified allow rule for the RDP port I want to open, or do I just need the simple rule to allow RDP?
I think question (1) is the biggest question in this case.

LVL 2

Accepted Solution

by:
jmilczek earned 250 total points
ID: 19005648
Assign a workstation an IP of 10.10.100.x and connect it directly to one of the WAN ports then modify and test your rule. This will help you determine if the Cisco is a problem.

Author Comment

by:edburg
ID: 19009866
It was determined that it was the Cisco router that was not passing the packets.
Issue has been resolved.

Author Comment

by:edburg
ID: 19009895
The solution was actually resolved the day after I first posted but I will give the credit anyway as the suggested solution was in fact what I did to discover that the Cisco was the problem.

Thanks to all who posted on the topic ....
LVL 2

Expert Comment

by:jmilczek
ID: 19014465
Correction to my previous post in case someone else reads this:

Assign a workstation an IP of 10.10.100.x and connect it directly to one of the LAN ports on the SonicWall then modify and test your rule. This will help you determine if the Cisco is a problem.
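The isolation test in the accepted answer (point the RDP forward at a workstation plugged straight into a SonicWall LAN port, so the Cisco is taken out of the path) and the topology from the question can be walked through in a small path simulator. The script below is an added example written for this thread, not code from the thread or from SonicWall or Cisco. It models the SonicWall LAN address 10.10.100.10, the Cisco at 10.10.100.11 and the static route to 10.10.180.0/24 as the question gives them; the terminal server address, the Cisco inner interface, the test workstation address and the 203.0.113.0/24 "Internet" client are constructed placeholders. The thread only says the Cisco was not passing the packets, not why; the simulator assumes one plausible cause, an inbound filter on the Cisco's SonicWall-facing interface that admits return traffic but not new inbound connections (which matches outbound browsing working while the forward fails), and that assumption is labelled in the code.

```python
import ipaddress
from typing import Callable, List, Optional, Tuple

# Constructed addresses. 203.0.113.0/24 (documentation space) stands in for the
# Internet side; the 10.10.100.x and 10.10.180.x values follow the question.
WAN_CLIENT = "203.0.113.5"     # constructed remote RDP client
FW_LAN = "10.10.100.10"        # SonicWall LAN address (from the question)
CISCO_LAN = "10.10.100.11"     # Cisco interface facing the SonicWall (from the question)
CISCO_INNER = "10.10.180.1"    # Cisco interface on the secondary LAN (assumed)
TERM_SERVER = "10.10.180.50"   # terminal server address (assumed)
TEST_WS = "10.10.100.20"       # workstation plugged into a SonicWall LAN port (assumed)
RDP_PORT = 3389

Packet = Tuple[str, str, int, bool]          # (src, dst, dst_port, is_new_connection)
Filter = Callable[[Packet, ipaddress.IPv4Address], bool]


class Node:
    """A host or router: connected interfaces, static routes, optional inbound filter."""

    def __init__(self, name: str, interfaces: List[str], routes: List[Tuple[str, str]],
                 ingress_filter: Optional[Filter] = None):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.routes = [(ipaddress.ip_network(p), ipaddress.ip_address(h)) for p, h in routes]
        self.ingress_filter = ingress_filter

    def owns(self, addr: ipaddress.IPv4Address) -> bool:
        return any(i.ip == addr for i in self.interfaces)

    def lookup(self, dst: ipaddress.IPv4Address) -> Optional[ipaddress.IPv4Address]:
        """Longest-prefix match over connected networks and static routes.
        Returns the next-hop address, or None when dst is on-link; KeyError if no route."""
        candidates = [(i.network, None) for i in self.interfaces if dst in i.network]
        candidates += [(n, h) for n, h in self.routes if dst in n]
        if not candidates:
            raise KeyError(f"{self.name}: no route to {dst}")
        return max(candidates, key=lambda c: c[0].prefixlen)[1]


def trace(nodes: List[Node], start: Node, pkt: Packet, max_hops: int = 8):
    """Forward pkt hop by hop from start; returns (delivered, list of node names)."""
    dst = ipaddress.ip_address(pkt[1])
    by_addr = {i.ip: n for n in nodes for i in n.interfaces}
    node, path = start, [start.name]
    for _ in range(max_hops):
        if node.owns(dst):
            return True, path
        try:
            hop = node.lookup(dst)
        except KeyError:
            return False, path + ["(no route)"]
        entry = hop if hop is not None else dst       # address the packet arrives on
        nxt = by_addr.get(entry)
        if nxt is None:
            return False, path + [f"(next hop {entry} unreachable)"]
        if nxt.ingress_filter and not nxt.ingress_filter(pkt, entry):
            return False, path + [f"{nxt.name} (dropped by inbound filter)"]
        node, path = nxt, path + [nxt.name]
    return False, path + ["(hop limit)"]


def cisco_inbound_acl(permit_rdp_to_ts: bool) -> Filter:
    """ASSUMED cause: an inbound filter on the Cisco's 10.10.100.11 interface that
    passes return traffic for connections opened from inside, and passes a new
    inbound TCP connection only when an RDP-to-terminal-server entry is present."""
    def allow(pkt: Packet, ingress: ipaddress.IPv4Address) -> bool:
        src, dst, dport, is_new = pkt
        if str(ingress) != CISCO_LAN or not is_new:   # other interfaces / replies: unfiltered
            return True
        return permit_rdp_to_ts and dst == TERM_SERVER and dport == RDP_PORT
    return allow


def build(permit_rdp_to_ts: bool) -> Tuple[List[Node], Node]:
    fw = Node("SonicWall", ["203.0.113.1/24", f"{FW_LAN}/24"],
              [("10.10.180.0/24", CISCO_LAN)])            # the static route from the question
    cisco = Node("Cisco", [f"{CISCO_LAN}/24", f"{CISCO_INNER}/24"],
                 [("0.0.0.0/0", FW_LAN)], cisco_inbound_acl(permit_rdp_to_ts))
    ts = Node("TermServer", [f"{TERM_SERVER}/24"], [("0.0.0.0/0", CISCO_INNER)])
    ws = Node("TestWS", [f"{TEST_WS}/24"], [("0.0.0.0/0", FW_LAN)])
    client = Node("WANClient", [f"{WAN_CLIENT}/24"], [])
    return [fw, cisco, ts, ws, client], fw


def rdp_round_trip(nodes: List[Node], fw: Node, target: str):
    """Forward leg: the SonicWall has already rewritten the WAN-side destination to
    `target` (the port forward) and sends it inward. Return leg: target answers the
    client (the firewall's reverse NAT is not modelled). Returns (ok, fwd_path, ret_path)."""
    fwd_ok, fwd_path = trace(nodes, fw, (WAN_CLIENT, target, RDP_PORT, True))
    origin = next(n for n in nodes if n.owns(ipaddress.ip_address(target)))
    ret_ok, ret_path = trace(nodes, origin, (target, WAN_CLIENT, 50000, False))
    return fwd_ok and ret_ok, fwd_path, ret_path


if __name__ == "__main__":
    for label, permit, target in [("as posted", False, TERM_SERVER),
                                  ("isolation test", False, TEST_WS),
                                  ("after fixing the Cisco", True, TERM_SERVER)]:
        nodes, fw = build(permit)
        ok, fwd, ret = rdp_round_trip(nodes, fw, target)
        print(f"{label:>22}: {'OK' if ok else 'FAIL'}  forward={fwd}  return={ret}")
```

Run as-is, the first scenario drops at the Cisco, the second (the accepted answer's test, with the forward pointed at 10.10.100.20) goes SonicWall to TestWS and back without touching the Cisco, and the third succeeds once the assumed Cisco filter permits new connections to the terminal server on 3389. That is exactly the split the thread reached: if the forward works to a host on the SonicWall's own LAN, the rule and the static route are fine and the remaining suspect is the device between the two LANs.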
