Opening up ports and Setting up port forwarding on Sonicwall.

It's been a while since I have done FW config.
I need to allow people to access a user's PC on port 96 for a piece of SW they are trialing.
Can you advise on the steps?

I have set up an access rule for traffic coming in on any interface on port 96 to be allowed through to the user's IP. How do I set up port forwarding, and have I correctly configured part 1 here?
Asked:
netsupport2014
 
Dan130 Commented:
What SonicWall NSA are you running, and what firmware? Install telnet to check if the ports are opened correctly.
 
netsupport2014 (Author) Commented:
Model = TZ 170 Enhanced
Firmware = SonicOS Enhanced 3.2

Telnet not connecting.
 
BigPapaGotti Commented:
You did the first part right by adding the ACL to permit the traffic; make sure that you did it for the right ACL of WAN>LAN, assuming that the user's machine is located on the LAN zone.

The next step you need to do is set up a NAT Policy so that it will automatically forward the correct ports to the host's machine. Below is the gist of accomplishing this:


Log in to the SonicWall.
Create a new NAT policy that will be similar to the settings below:
Original Source: Any
Translated Source: Original
Original Destination: WAN Primary IP
Translated Destination: IP OF YOUR USERS COMPUTER
Original Service: PORT NUMBER YOUR HOST IS Listening on (96)
Translated Service: Original
Inbound Interface: X1
Outbound Interface: Any
 
netsupport2014 (Author) Commented:
I have done that to the best of my knowledge now and sadly still no luck.

To confirm, I can browse to this PC internally from another machine using http://192.168.1.37:96/logon and I get the splash screen.

After adding the rules and policy above I still can't access the splash screen from an outside site.
Using http://87.xxx.xxx.114:96/logon from my browser as a test.

Telnetting and scanning using http://www.yougetsignal.com/tools/open-ports/ are saying port 96 is still closed. Am I missing something?

 
BigPapaGotti Commented:
On your NAT policy, try adjusting it so that the interfaces are specific, such that incoming is your external/public interface and outgoing is your internal/private interface that your host connects to.
 
netsupport2014 (Author) Commented:
Tried setting Incoming as WAN and Outgoing as LAN but still no joy. Could there be something overriding this rule?
 
BigPapaGotti Commented:
There could be a prior ACL that is matching the traffic based on the criteria. If you hover your mouse over the "statistics icon" on your ACL (looks like little bar graphs), this will let you know if your ACL is having any matches if these numbers increment. I would look at your ACL list for WAN>LAN to see what is before it and, if possible, move the ACL up towards the top. You could always add a temporary permit Any/Any to see if the NAT policy works; this will let you know if it is something with the firewall or if this is something with the NAT policy/something else causing the issue.

Also try looking at the logs when you attempt to do this to see if there is anything that jumps out at you showing where the traffic is denied.

I also just looked at my SonicWALL and I see that on my Firewall I have Any Source and Any Destination then my associated services. Perhaps try this and see what your outcome will be. SonicWALLs tend to act oddly at times so be sure to change one thing at a time and then test it out so you know exactly what change resolved the issue.

Be sure to post back your findings.
 
netsupport2014 (Author) Commented:
Great stuff. After doing the reviews you suggested I spotted the problem. I think the fact I had tried to get it working so many times, I forgot to retrace steps and made too many changes all at once. So I went back to the start and it's working now. Thanks a lot for your help!
Question has a verified solution.
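
The thread tests the forward with telnet and an online port scanner, which report only "open" or "closed". The script below is an added example, not code from any poster; `probe_tcp`, `HINTS` and the verdict labels are hypothetical names, and the interpretations are general TCP behaviour rather than anything SonicWall-specific. It separates a refused connection from a silently dropped one, and to test a port forward it has to be run from a machine outside the WAN.

```python
import socket
import sys

# Verdict labels and hints are this example's own (hypothetical) wording.
HINTS = {
    "open": "handshake completed: access rule, NAT policy and the "
            "listening service all work end to end",
    "refused": "a reset came back: some device received the SYN and "
               "rejected it, e.g. nothing listens on that port there",
    "filtered": "no reply before the timeout: the SYN was silently "
                "dropped, e.g. no matching allow rule or NAT policy",
    "error": "could not even attempt the handshake: check name "
             "resolution, addressing and routing first",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt a single TCP handshake and classify the outcome."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # RST received
    except socket.timeout:
        return "filtered"     # nothing came back in time
    except OSError:
        return "error"        # unreachable network, bad hostname, ...
    conn.close()
    return "open"

if __name__ == "__main__":
    # Usage: python probe.py <public-ip> <port>
    # Defaults are constructed placeholders (loopback, port 96 from the thread).
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 96
    verdict = probe_tcp(host, port)
    print(f"{host}:{port} -> {verdict}: {HINTS[verdict]}")
```

Run it once after each single change to the access rule or NAT policy, so that a change in verdict can be tied to the setting that caused it.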