
Creating an Access Rule in SonicWall 2040 pro - Enhanced OS

WilliamIMS2 asked
Last Modified: 2012-05-06
We are trying to open up a port for our customer on their SonicWall 2040.

They originally had port 25 opened to a group of IP ranges, which works fine. I tried to duplicate this rule with our IP ranges but it didn't work (I created a new network object with our range and then added an access rule).

I then added our range to the group that they already had set up and this works fine.

However, we now need to open up another port (service) to our IP range so I'll need to create a new rule, however our connections are still being rejected.

Sorry for the vagueness, but do you have any ideas what I'm doing wrong?

Author

Commented:
that should be with our* ranges not with out.
CERTIFIED EXPERT
Top Expert 2007
Commented:
For allowing inbound access, that is exactly what we do:
1. Create a Network Object with IP range/subnet/host/FQDN/MAC.
2. If needed, create a group address object.
3. Create a custom rule from WAN->LAN; specify the service type [if not predefined, then create one beforehand], source as the address object created above; destination as needed.

The only thing I think might be the problem is the order of the rule; the topmost rules have higher priority than the bottommost. On the firewall the rules are applied from top to bottom, and after the first rule match no other rules are looked at. There is a possibility that you have a less restrictive rule higher in the order; please move your rule up the order and this should solve the issue.

Please implement and update.

Thank you.
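The top-down, first-match behaviour described in the answer above, as an added example that is not part of the original thread and is not SonicWall code: a small evaluator plus a check for rules that can never fire because an earlier rule already covers them. The rule names, fields and address ranges are constructed for illustration.

```python
# Added illustration: generic top-down, first-match rule evaluation.
# Rule fields and all addresses are constructed samples (documentation ranges).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple          # CIDR strings; "any" is written as 0.0.0.0/0
    port: Optional[int]     # None means any service
    action: str             # "allow" or "deny"

    def nets(self):
        return [ip_network(s) for s in self.sources]

    def matches(self, src, port):
        return (self.port is None or self.port == port) and any(
            ip_address(src) in n for n in self.nets())

def evaluate(rules, src, port):
    """Return (rule name, action) of the first matching rule, top to bottom."""
    for r in rules:
        if r.matches(src, port):
            return r.name, r.action
    return "implicit-default", "deny"

def shadowed(rules):
    """Return (later, earlier) pairs where one earlier rule covers every packet
    the later rule could match. Coverage by a union of rules is not detected."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            port_ok = earlier.port is None or earlier.port == later.port
            src_ok = all(any(n.subnet_of(e) for e in earlier.nets())
                         for n in later.nets())
            if port_ok and src_ok:
                out.append((later.name, earlier.name))
                break
    return out

# Constructed WAN->LAN rule base: the new LDAP rule sits below a broad deny.
RULES = [
    Rule("customer-smtp", ("198.51.100.0/24",), 25, "allow"),
    Rule("block-other-wan", ("0.0.0.0/0",), None, "deny"),
    Rule("vendor-ldap", ("203.0.113.0/24",), 389, "allow"),
]
# Same rules with the new rule moved above the broad deny.
REORDERED = [RULES[0], RULES[2], RULES[1]]
```

Running `shadowed()` over an exported rule list before adding a new entry shows whether the new rule would ever be reached in its current position.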

CERTIFIED EXPERT
Top Expert 2007

Commented:
You can change the priority ranking of an access rule by clicking the Arrows icon in the Priority column. The Change Priority window is displayed. Enter the new priority number (1-10) in the Priority field, and click OK. 1 being the highest priority.

Thank you.

Author

Commented:
Hi dpk,

This is exactly what we did.

1. We created a new network object with our IP range
2. Created a wan --> lan rule to allow access to port 25 from our network object
3. Moved the rule to the top of the list

Our connections are then immediately rejected.

I then changed the rule to allow access from 'any' and our connections were still immediately rejected.

However, adding our Network object to their already defined rule for port 25 allowed us access.

I now need to open up port 389 and we are having the same problem. I'm creating a rule that is identical to the one that works but the firewall immediately rejects our connections - I'm sure there is something simple that I am overlooking.

Thanks a lot for your help.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Can you post some sanitized logs which would indicate what is blocking the traffic? Also, have you configured NAT for the internal server?

Thank you.