Port Forwarding on XTM 23 Series

Posted on 2011-10-03
Last Modified: 2013-11-16
I have extensive experience with Sonicwall setups.

I recently acquired an XTM 23 Series Firebox to replace my Sonicwall.  Firmware on the Firebox is 11.4.2

What are the steps to setup Port Forwarding?

Example:  From the internet, I want to be able to remote in to my Firebox using RDP Port 3392 to an internal Address of

I did setup a New Firewall Policy and told it to Accept from Any-External but wasn't sure on how to setup the To section.

Do I need to setup a Rule under SNAT for each Port Forward?
Question by:j4piper

    Author Comment

    XTM 23 Series - Firmware 11.4.B306888
    LVL 14

    Expert Comment

    You setup a new rule
    then say;
    from: external or any-external
    To: --> Add  NAT --> make nat from external to internal IP

    you don't need a new rule for each forward, if you want to forward several ports to one and the same server from the same external, you can do either:

    -make 1 big rule with all protocols in it
    -make a snat and reuse it in the other rules

    Author Comment

    I understand what you are saying but I need guidance on where to do this in the Firebox Web UI?

    Thank you.
    LVL 9

    Expert Comment

    To Enable RDP and forward through to an internal IP address:
    - Login to your WatchGuard's WebUI
    - Go to Firewall > Firewall Policies
    - Select your Firewall Policy and Click Edit
    - Ensure your Policy Type is RDP
    - In the From area confirm that it says Any-External
    - In the To area Remove anything in there currently
    - In the To area Click Add
    - In the Member Type drop down menu, select static NAT
    - Select your External Address from the drop down menu
    - In the next field, type in the internal IP address and then Click OK
    - Click Save in the Main Policy Screen
    - Test it out

    Author Comment

    hello there.

    here is a screenshot of what i was interpreting from your email.

    is this what you were thinking of?

    LVL 14

    Accepted Solution

    that is correct

    Author Closing Comment


    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now