Sonicwall Firewall Configuration

We have a SonicWall TZ-210 firewall, and we also have a Fonality PBXtra telephone system.

In order to have remote phones working outside the network, there are certain ports that I need to open up in the firewall. One specifically is UDP 5060.

I am having trouble configuring this to work unless I open that port up to all traffic. From what I think I know, I should be able to have this traffic directed only to the internal IP of our phone server, but I cannot make this work.

Where I think the problem is, is in defining the Address Objects for the network. When I create an Address Object for the system, it by default puts a netmask of 255.255.255.255, which is wrong as it should be 255.255.255.0.

I cannot figure out how to change this. It needs to point to 192.168.2.20/255.255.255.0 for this to work, I think??

James HIT Director

Commented:
OK, the easiest way to do this is to use the wizard.
Just run the "Public Server Wizard" and specify the IP address of your PBX and the port 5060 you want to NAT.
It will set up the rules, objects and loopback.

Author

Commented:
I did that, but it still puts the netmask as 255.255.255.255 for the address object?
amatson78 Sr. Security Engineer

Commented:
If it is a single IP then the netmask is 255.255.255.255. For the object, make sure the type is "Host", not "Range" or "Network".

Author

Commented:
OK, maybe this is just the newbie in me but......

The address of my server is
192.168.2.20
with a subnet mask of 255.255.255.0

If SonicWall has it listed as:
192.168.2.20
255.255.255.255

how is it going to find it? From what I have seen so far... it doesn't??
Syed_M_Usman System Administrator
Top Expert 2011

Commented:
Dear, you can do as follows:

1) Please note down your firewall configuration or take a firewall settings backup: SNA> System > Settings > Export settings

2) Reset your firewall to factory default

3) Start the firewall configuration from scratch, assign LAN/WAN IP address

4) If your PABX has an external IP for outside users, you need to configure NAT (refer to attached Wizard-1)

But for "In order to have remote phones working outside the network, there are certain ports that I need to open up in the firewall. One specifically is UDP 5060" you don't need to do NAT.

You can simply enable Consistent NAT, refer to attached (VOIP)

Wizard-1.jpg
VOIP.jpg

Author

Commented:
Why reset to factory defaults? What is that going to do for me?

Did you ever get this working?  We are having the same issue.
Syed_M_Usman System Administrator
Top Expert 2011

Commented:
"Why reset to factory defaults? What is that going to do for me?" This will delete all policies; most of the time this helps, especially if admins play with NAT.

IN MY CASE IT'S WORKING, what are you looking for??
Syed_M_Usman System Administrator
Top Expert 2011

Commented:
IN MY CASE IT'S WORKING, what are you looking for @ ceoakmanii......

I finally got ours working last night.  The wizard creates 3 one-to-one NAT policies, in my case named Phoneserver.  I reset each of these to allow ANY services through.  This still did not fix it, so I reset it back to PhoneServer Services, which include the TCP and UDP ports that Fonality Tech Support says are required.  At this point, magically, our HUD and external phones started working.  No real changes, just reset the services.

What I was looking for was someone's experience with their settings.  Resetting to factory defaults is not really a solution, as some of us have pretty complicated setups with site-to-site VPNs and many internal servers.  I have been a SonicWall Certified Tech for about 10 years and this one baffled me.

Author

Commented:
I was always able to get them connected if I opened up the ports to all traffic, but that is a huge risk, and has gotten my phone system hacked twice!!

Luckily all my remote phones are static in one location, so I was able to configure it to allow only traffic from a specific IP address.

It still isn't perfect, but it works, and Fonality talks about having lots of trouble with SonicWall devices!
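
An added example, not part of the thread or of any participant's configuration: a simplified Python model (not SonicOS code) of the two points discussed above, why a "Host" address object carries mask 255.255.255.255, and how limiting the rule's source narrows exposure on UDP 5060. The addresses 203.0.113.10 and 198.51.100.7 are constructed placeholders, and the model assumes the destination has already been translated to the PBX's internal IP.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AddressObject:
    """The mask is the object's match scope, not the server's own interface mask."""
    name: str
    network: ipaddress.IPv4Network

    @classmethod
    def host(cls, name, ip):
        # "Host" type: mask 255.255.255.255, matches exactly one address.
        return cls(name, ipaddress.ip_network(f"{ip}/255.255.255.255"))

    @classmethod
    def subnet(cls, name, ip, mask):
        # "Network" type: host bits are dropped, so 192.168.2.20 becomes 192.168.2.0.
        return cls(name, ipaddress.ip_network(f"{ip}/{mask}", strict=False))

    def matches(self, ip):
        return ipaddress.ip_address(ip) in self.network


@dataclass(frozen=True)
class AllowRule:
    source: AddressObject
    destination: AddressObject
    proto: str
    port: int

    def permits(self, src, dst, proto, port):
        return (self.source.matches(src) and self.destination.matches(dst)
                and (proto, port) == (self.proto, self.port))


def allowed(rules, src, dst, proto, port):
    # Default deny: traffic passes only if some allow rule matches every field.
    return any(r.permits(src, dst, proto, port) for r in rules)


ANY = AddressObject("Any", ipaddress.ip_network("0.0.0.0/0"))
PBX = AddressObject.host("PBX", "192.168.2.20")
PBX_AS_NETWORK = AddressObject.subnet("PBX-as-network", "192.168.2.20", "255.255.255.0")
REMOTE = AddressObject.host("Remote-phones", "203.0.113.10")  # constructed placeholder

OPEN_RULES = [AllowRule(ANY, PBX, "udp", 5060)]      # port open to all traffic
TIGHT_RULES = [AllowRule(REMOTE, PBX, "udp", 5060)]  # only the remote phone site
```

With the /24 mask the object would stand for all 256 addresses in 192.168.2.0/24, so a rule using it as the destination would cover every host on that subnet rather than only the phone server.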
amatson78 Sr. Security Engineer

Commented:
Glad you have it working. SonicWALLs are very secure, which is why companies claim to have "trouble" with them ;) I agree you should never have to factory reset to solve a problem. Just patience and some good troubleshooting as you did. Kudos to you ;)

Author

Commented:
Thanks for all the comments!