Sonicwall Firewall Configuration

We have a Sonicwall TZ-210 firewall, and we also have a Fonality PBXtra telephone system.

In order to have remote phones working outside the network, there are certain ports that I need to open up in the firewall. One specifically is UDP 5060.

I am having trouble configuring this to work unless I open that port up to all traffic. From what I think I know, I should be able to have this traffic directed only to the internal IP of our phone server, but I cannot make this work.

I think the problem is in defining the Address Objects for the network. When I create an Address Object for the system, it by default puts a netmask of 255.255.255.255, which is wrong as it should be 255.255.255.0.

I cannot figure out how to change this; it needs to point to 192.168.2.20/255.255.255.0 for this to work, I think??
redekopmfg Asked:

James H (IT Director) Commented:
OK, the easiest way to do this is to use the wizard.
Just run the "Public server wizard" and specify the IP address of your PBX and the port 5060 you want to NAT.
It will set up the rules, objects and loopback.
0
redekopmfg (Author) Commented:
I did that, but it still puts the netmask as 255.255.255.255 for the address object?
0
amatson78 (Sr. Security Engineer) Commented:
If it is a single IP then the netmask is 255.255.255.255. For the object, make sure the type is "Host", not "Range" or "Network".
0
redekopmfg (Author) Commented:
OK, maybe this is just the newbie in me but......

The address of my server is
192.168.2.20
with a subnet mask of 255.255.255.0

If Sonicwall has it listed as:
192.168.2.20
255.255.255.255

how is it going to find it? From what I have seen so far... it doesn't??
0
Syed_M_Usman (System Administrator) Commented:
Dear, you can do as follows:

1) Please note down your firewall configuration or take a backup of the firewall settings: SNA > System > Settings > Export settings

2) Reset your firewall to factory default

3) Start the firewall configuration from scratch, assign LAN/WAN IP address

4) If your PABX has an external IP for outside users, you need to configure NAT (refer to attached Wizard-1)

But for "In order to have remote phones working outside the network, there are certain ports that I need to open up in the firewall. One specifically is UDP 5060" you don't need to do NAT.

You can simply enable Consistent NAT, refer to attached (VOIP)

Wizard-1.jpg
VOIP.jpg
0
redekopmfg (Author) Commented:
Why reset to factory defaults? What is that going to do for me?
0
ceoakmanii Commented:
Did you ever get this working?  We are having the same issue.
0
Syed_M_Usman (System Administrator) Commented:
"Why reset to factory defaults? What is that going to do for me?" This will delete all policies; most of the time this helps, especially if admins play with NAT.

IN MY CASE IT'S WORKING, what are you looking for??
0
Syed_M_Usman (System Administrator) Commented:
IN MY CASE IT'S WORKING, what are you looking for @ceoakmanii......
0
ceoakmanii Commented:
I finally got ours working last night. The wizard creates 3 one-to-one NAT policies, in my case named Phoneserver. I reset each of these to allow ANY services through. This still did not fix it, so I reset it back to PhoneServer Services, which include the TCP and UDP ports that Fonality Tech Support say are required. At this point, magically, our HUD and external phones started working. No real changes, just reset the services.

What I was looking for was someone's experience with their settings. Resetting to Factory Defaults is not really a solution, as some of us have pretty complicated setups with Site-to-Site VPNs and many internal servers. I have been a SonicWall Certified Tech for about 10 years and this one baffled me.
0

redekopmfg (Author) Commented:
I was always able to get them connected if I opened up the ports to all traffic, but that is a huge risk, and has gotten my phone system hacked twice!!

Luckily all my remote phones are static in one location, so I was able to configure it to allow only traffic from a specific IP address.

It still isn't perfect, but it works, and Fonality talks about having lots of trouble with Sonicwall devices!
0
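
Added example, not part of the original thread: a minimal Python model of how an address object and an access rule match traffic, showing why a "Host" object for 192.168.2.20 carries the mask 255.255.255.255 and what restricting the rule's source changes for UDP 5060. The remote-office and outsider addresses are constructed placeholders, and the rule model is a simplification, not SonicOS code.

```python
import ipaddress
from dataclasses import dataclass

def address_object(ip, netmask):
    """An address object is a match pattern: the set of IPs selected by ip/netmask.
    It is unrelated to the subnet mask configured on the server's own NIC."""
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)

def covers(obj, ip):
    return ipaddress.ip_address(ip) in obj

@dataclass
class Rule:
    name: str
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    protocol: str
    port: int

    def matches(self, src, dst, protocol, port):
        return (covers(self.source, src) and covers(self.destination, dst)
                and protocol == self.protocol and port == self.port)

def allowed(rules, src, dst, protocol, port):
    """Default deny: traffic passes only if some allow rule matches it."""
    return any(r.matches(src, dst, protocol, port) for r in rules)

ANY = ipaddress.ip_network("0.0.0.0/0")
# "Host" object: the /32 mask selects exactly one address, the PBX.
PBX_HOST = address_object("192.168.2.20", "255.255.255.255")
# The mask the asker expected: this selects the whole LAN, not just the PBX.
PBX_AS_NETWORK = address_object("192.168.2.20", "255.255.255.0")
# Constructed placeholders (documentation ranges), not values from the thread.
REMOTE_OFFICE = address_object("203.0.113.10", "255.255.255.255")
OUTSIDER = "198.51.100.77"

# Rule as first tried: SIP open to every source on the Internet.
OPEN_RULES = [Rule("sip-from-any", ANY, PBX_HOST, "udp", 5060)]
# Rule as finally configured: SIP only from the remote phones' static IP.
RESTRICTED_RULES = [Rule("sip-from-office", REMOTE_OFFICE, PBX_HOST, "udp", 5060)]

if __name__ == "__main__":
    print("host object size:", PBX_HOST.num_addresses)
    print("network object size:", PBX_AS_NETWORK.num_addresses)
    for label, rules in (("open", OPEN_RULES), ("restricted", RESTRICTED_RULES)):
        for src in (OUTSIDER, "203.0.113.10"):
            verdict = allowed(rules, src, "192.168.2.20", "udp", 5060)
            print(f"{label:10} {src:15} -> PBX udp/5060 allowed={verdict}")
```
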
amatson78 (Sr. Security Engineer) Commented:
Glad you have it working. SonicWALLs are very secure, which is why companies claim to have "trouble" with them ;) I agree you should never have to factory reset to solve a problem. Just patience and some good troubleshooting as you did. Kudos to you ;)
0
redekopmfg (Author) Commented:
Thanks for all the comments!
0

Question has a verified solution.
