Solved

Sonicwall TZ 170 Port Forward issue

Posted on 2007-03-30
Last Modified: 2010-08-05
I have a Sonicwall TZ 170 wireless firewall running Standard OS.
The wireless side is configured for guest access only and works fine to access Internet only.

The LAN setup consists of 2 internal private IPs where one is let's say 10.10.100.10 for the Sonicwall LAN IP and another 10.10.100.11 which is connected to a Cisco router. The Cisco router in turn routes to the secondary LAN segment of 10.10.180.xxx where all the internal workstations reside.
All traffic from both the wireless network and the secondary LAN network can access the Internet fine but I cannot seem to get the RDP Port Forward working to reach the Terminal Server on the secondary LAN.
I have created a Static route on the Sonicwall to the secondary LAN and it is acknowledged when I use the Sonicwall diagnostics to find network path so it knows how to get there.
I have also created a rule to allow=any service=RDP (port 3389) source=* destination= LAN IP of the TServer, but it doesn't seem to work.

I only want to be able to allow RDP port 3389 in to a terminal server on the Secondary LAN side.
Can this be done without using the OPT port and having to get another Public IP assigned?

Thanks
0
Question by:edburg
8 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18831099
While you likely have done this, be sure to check your Access Rules for any DENY that may be affecting you.  In my experience with the TZ 170, a deny may overrule an allow, no matter what you do.  Also, be sure your secondary network isn't defined as WAN, while you're trying to route through LAN.
0
 

Author Comment

by:edburg
ID: 18831232
Thanks
The rules all look fine in that regard and the route is defined as LAN.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 18831811
Are you sure it's being blocked on the Sonicwall?  Turn all of your logs on in there and verify.
0

 

Author Comment

by:edburg
ID: 18832414
Well, a port scan doesn't reveal it as open or filtered as it does with the other common ports so I assumed that the Sonicwall device wasn't passing the RDP packets.
Let me refine the question again .... Sonicwall TZ 170 Standard OS
1) Do I require a 1-1NAT in order to reach the Terminal Server on the LAN side and if so, can this be done with just the main Public IP that is assigned to the Sonicwall WAN interface?
2) In order to have this work do I need to have both a 1-1NAT setup and a specified allow rule for the RDP port I want to open, or do I just need the simple rule to allow RDP?
I think question (1) is the biggest question in this case.


0
 
LVL 2

Accepted Solution

by:
jmilczek earned 750 total points
ID: 19005648
Assign a workstation an IP of 10.10.100.x and connect it directly to one of the WAN ports then modify and test your rule. This will help you determine if the Cisco is a problem.
0
 

Author Comment

by:edburg
ID: 19009866
It was determined that it was the Cisco router that was not passing the packets.
Issue has been resolved.
0
 

Author Comment

by:edburg
ID: 19009895
The solution was actually resolved the day after I first posted but I will give the credit anyway as the suggested solution was in fact what I did to discover that the Cisco was the problem.

Thanks to all who posted on the topic ....
0
 
LVL 2

Expert Comment

by:jmilczek
ID: 19014465
Correction to my previous post in case someone else reads this:

Assign a workstation an IP of 10.10.100.x and connect it directly to one of the LAN ports on the SonicWall then modify and test your rule. This will help you determine if the Cisco is a problem.
0
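
The isolation test from the accepted answer and its correction, written out as an added example (not code from the thread or from SonicWall): probe the forwarded RDP port from outside once with the rule pointed at a test workstation on the SonicWall LAN segment and once with it pointed at the terminal server behind the Cisco, then compare. The function names, the 3-second timeout and the verdict wording are assumptions made for this sketch.

```python
import socket
import sys


def probe_tcp(host, port=3389, timeout=3.0):
    """Classify a TCP port as seen from this machine.

    'open'     - handshake completed, something is listening
    'closed'   - connection refused (a RST came back, so packets are being passed)
    'filtered' - timeout or unreachable (packets dropped somewhere on the path)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout and host/network unreachable
        return "filtered"
    finally:
        sock.close()


def diagnose(direct_result, routed_result):
    """Compare two probes of the firewall's public address.

    direct_result: forward rule pointed at a workstation on 10.10.100.x,
                   plugged into a SonicWall LAN port.
    routed_result: forward rule pointed at the terminal server on the
                   10.10.180.x segment behind the Cisco router.
    """
    if direct_result != "open":
        # Even the directly attached host is unreachable through the rule.
        return "check the SonicWall rule/NAT (or the test host is not listening)"
    if routed_result != "open":
        # The firewall forwards correctly; traffic dies beyond it.
        return "SonicWall forwards correctly; check the Cisco router or the server"
    return "forward works end to end"


if __name__ == "__main__":
    # Run from outside the network against the firewall's public address,
    # once per rule target, and feed both results to diagnose().
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_tcp(target))
```

A 'closed' result on the routed probe still means the packets reached a host that answered, which points at the server rather than at a device dropping traffic.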


Question has a verified solution.
