Sonicwall Firewall Configuration

we have a Sonicwall TZ-210 firewall, and we also have a Fonality PBXtra telephone system.

In order to have remote phones working outside the network, there are certain ports that i need to open up in the firewall. one specifically is USP 5060.

I am having trouble configuring this to work unless I open that port up to all traffic.  from what i think i know, i should be able to have this traffic directed only to the internal IP of our phone server, but i cannot make this work.

where i think the problem is in defining the Address Objects for the Network.  when i create and Address Object for the system it by default puts a netmask of  which is wrong as it should be

I cannot figure out how to change this, it needs to point to for this to work i think??
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James HIT DirectorCommented:
OK, the easiest way to do this is to use the wizard.
Just run the "Public server wizard" and specify the IP address of your PBX and the port 5060 you ant to NAT.
It will setup the rules, objects and loopback.
redekopmfgAuthor Commented:
I did that, but it still puts the netmask as for the address object?
amatson78Sr. Security EngineerCommented:
If it is a single IP then the net mask is For the object make sure te type is "Host" not "Range" or " Network".
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

redekopmfgAuthor Commented:
ok, maybe this is just the newbie in me but......

the address of my server is
with a subnet mask of

if sonicwall has it listed as:

how is it going to find it? from what i have seen so doesn't??
Syed_M_UsmanSystem AdministratorCommented:
Dear you can do as follows,

1) please notedown your firewall configration or taken firewall settings backup,,, SNA> System >Settings >Exort settings

2) reset your firewall to factory default

3) start firewall configration from scratch, assign LAN/WAN IP Address
4) if your PABX having external IP for outside users you need to configure NAT (Refer to atatched Wizard-1)

but for "In order to have remote phones working outside the network, there are certain ports that i need to open up in the firewall. one specifically is USP 5060" you dont need to do NAT,,,

you can simply enable Consistant NAT refer to attached (VOIP)

redekopmfgAuthor Commented:
why reset to factory defaults? what is that going to do for me?
Did you ever get this working?  We are having the same issue.
Syed_M_UsmanSystem AdministratorCommented:
why reset to factory defaults? what is that going to do for me? This will delete all polices, most of times this help specially if admins play with NAT.

IN MY CASE ITS WORKING, what u r looking for ??
Syed_M_UsmanSystem AdministratorCommented:
IN MY CASE ITS WORKING, what u r looking for @ ceoakmanii......
I finally got our working last night.  The wizard creates 3 one to one NAT policies in my case named Phoneserver.  I reset each of these to allow ANY services through.  This still did not fix it so I reset it back to PhoneServer Services which include the TCP and UDP ports that Fonality Tech Support say are required.  At this point magically our HUD and external phones started working.  No real changes, just reset the services.  

What I was looking for was someone's experience with their settings.  Resetting to Factory Defaults is not really a solution as some of us have pretty complicated setups with Site-to-Site VPN's and many internal servers.  I have been a SonicWall Certified Tech for about 10 years and this one baffled me.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
redekopmfgAuthor Commented:
I was always able to get them connected if I opened up the ports to all traffic, but that is a huge risk, and has gotten my phone system hacked twice!!

luckily all my remote phones are static in one location, so I was able to configure to allow only traffic from a specific IP address.

still isn't perfect, but it works, and Fonality talks about having lots of trouble with Sonicwall devices!
amatson78Sr. Security EngineerCommented:
Glad you have it working. SonicWALLs are very secure which is why companies claI'm to have "trouble" with the ;) I agree you should never have to factory reset to solve a problem. Just patience and some good troubleshooting as you did. Kudos to you ;)
redekopmfgAuthor Commented:
Thanks for all the comments!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.