Need to open port 6000 on our SonicWall Network Security Appliance


We have a SonicWall Network Security Appliance. I have been attempting to get port 6000 opened for the past few days, but have had no luck. I have created the address objects, service and have added an access rule to the firewall. The port still is not opened when we run an external scan using I have tried everything and have combed online documentation but still have the problem.

Is there a recommended resource that will explain how to get port 6000 opened with our SonicWall Network Security Appliance?

Any suggestions will be appreciated. Thanks.

If you're just trying to open port 6000 for your external public IP address for some sort of a scanning procedure, just create an access rule in the WAN > WAN zone intersection that looks like this:

Source: Any
Destination: WAN Primary IP (Whatever your WAN IP address is you're testing against)
Service: Port 6000 (create a service object for either TCP/UDP for port 6000)

This should work. However, keep in mind if the scanner is trying to initiate any sort of application level intelligence against that port when communicating to the firewall nothing will happen as the firewall has no application intelligence on port 6000.

Maen Abu-Tabanjeh, Network Administrator, Network Consultant, Commented:
David Spigelman, President / CEO, Commented:
If you're looking at opening a port, ostensibly you're looking to allow inbound traffic on that port, in which case you are more-than-likely also going to need to NAT the traffic inbound, to get it where you're going. To do that on a SonicWALL router you can try to use a wizard, which will do it all for you. Or you can do it all manually.

You'll need:
An object definition for the device you're trying to reach.
A service definition for port 6000 (TCP? UDP?)

Then you'll create a NAT rule directing traffic to the appropriate device. It'll look something like:
Source: Any  Orig Dest: Primary WAN IP  ==> Source: Original  Dest: <object definition>. Oh, there's also going to be the PAT portion of this, in which you'll tell it that the original destination port is 6000, and the redirected port is... Original, if that's what you want.

Finally, you'll need a firewall rule allowing the traffic from the original source to the original destination.

That ought to do it.

Poly11, Author, Commented:
Ok, I've tried to work with this but am still having issues. The IP Address of the DVR is and I have an Address Object created for it and assigned to the LAN zone.

I have a service object created for it using TCP protocol with port range 6000-6000.

I have a NAT policy created that has the following:
Original Source: Any
Translated Source: Original
Original Destination: WAN Primary IP
Translated Destination: <Address Object>
Original Service: <Service Object>
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any
Enable NAT Policy is Selected

The Firewall Rule I have in place is as follows:
Action: Allow
From Zone: WAN
To Zone: LAN
Service: <Service Object>
Source: Any
Destination: <Address Object>
Users Allowed: All
Schedule: Always On
Enable Logging
Allow Fragmented Packets

I'm still unable to access the port when I type in the IP WAN IP address with Port 6000 in a browser on a system outside of the network. It's supposed to resolve to a DVR which can be viewed internally on the network using a web browser without specifying a port. The external port that has been defined is 6000.

Any help will be greatly appreciated.

Poly11, Author, Commented:
Also, when I try to use the wizard, it stalls when I hit the Next button after selecting the service, etc...
David Spigelman, President / CEO, Commented:
I think the problem is in your firewall rule. Your destination should be the WAN primary IP. Right now, the rule is looking for packets going to, which it will never see.
Poly11, Author, Commented:
OK, in the firewall rule I have changed the destination from <Address Object> to WAN Primary IP, but we are still unable to connect. I have an Address Object that has the IP address of the DVR, now that it's not assigned to the firewall rule I am not sure how the request will find the IP.

Basically what we need is access to the DVR which is IP address with an internal port of 85. The external port is 7000. When we enter the external IP address with :7000 we need it to go to the Address Object which is Is there any way we can do this?

David Spigelman, President / CEO, Commented:
Ok - That's a lot of information you didn't give us before. Here's the deal: The Firewall Rule deals with permissions: What packets, directed to where, are permitted to come through? The NAT rule deals with redirection: Anything coming to this port, gets redirected to there.

So your firewall rule needs to allow the traffic for the WAN Primary IP in this case, because that's the address the users are trying to reach. So that's what the firewall needs to permit.

However, once that's through, you need to make sure that the NAT rule is directing it properly. You have your NAT rule sending the packet from the original sender, to the translated address, and that's correct. But you have the translated service set to original. So when a user sends a packet to your public IP address, at port 7000, they are redirected to You need, now, to set up a service for port 85, and use that as the Translated Service.
David Spigelman, President / CEO, Commented:
Oh, I didn't mention that it would seem like your firewall rule is fine as is. It's the NAT rule that needs to be changed, that's all. I just want that to be clear.
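
The permission/redirection split described in the answer above, as an added example that is not part of the original thread: a simplified Python model (not SonicOS code) that traces one inbound connection through an access rule and a NAT policy. The addresses 203.0.113.10 and 192.168.1.50 are constructed placeholders, since the thread's real addresses are not on the page, and the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values: the thread's real addresses are not on the page.
WAN_IP = "203.0.113.10"      # stands in for "WAN Primary IP"
DVR_IP = "192.168.1.50"      # stands in for the DVR address object
DVR_LISTENS_ON = 85          # internal port stated in the thread

@dataclass
class AccessRule:            # WAN > LAN allow rule: permission only
    destination: str
    port: int

@dataclass
class NatPolicy:             # redirection only
    original_destination: str
    original_port: int
    translated_destination: str
    translated_port: Optional[int]   # None models "Translated Service: Original"

def inbound(rule: AccessRule, nat: NatPolicy, dst_ip: str, dst_port: int) -> str:
    """Trace one inbound TCP connection the way the answer describes it."""
    # Per the answer, the rule is matched on the address the outside user dials.
    if (dst_ip, dst_port) != (rule.destination, rule.port):
        return "dropped: no access rule matches the pre-NAT destination"
    if (dst_ip, dst_port) != (nat.original_destination, nat.original_port):
        return "dropped: no NAT policy matches"
    new_port = dst_port if nat.translated_port is None else nat.translated_port
    if (nat.translated_destination, new_port) != (DVR_IP, DVR_LISTENS_ON):
        return f"forwarded to {nat.translated_destination}:{new_port}, nothing listening"
    return f"delivered to {nat.translated_destination}:{new_port}"

def scenarios() -> dict:
    """The three configurations the thread goes through, external port 7000."""
    nat_original = NatPolicy(WAN_IP, 7000, DVR_IP, None)
    nat_port_85 = NatPolicy(WAN_IP, 7000, DVR_IP, 85)
    return {
        "rule destination = DVR object": inbound(AccessRule(DVR_IP, 7000), nat_port_85, WAN_IP, 7000),
        "translated service = Original": inbound(AccessRule(WAN_IP, 7000), nat_original, WAN_IP, 7000),
        "translated service = port 85": inbound(AccessRule(WAN_IP, 7000), nat_port_85, WAN_IP, 7000),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Only the last configuration reaches the DVR: the access rule permits traffic to the WAN address, and the NAT policy rewrites both the destination and the port.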

Poly11, Author, Commented:
Thank you! It's all working perfectly.