Solved

Opening up ports and Setting up port forwarding on Sonicwall.

Posted on 2014-03-26
Last Modified: 2014-03-27
It's been a while since I have done FW config.
I need to allow people to access a user's PC on port 96 for a piece of SW they are trialing.
Can you advise on the steps?

I have set up an access rule for traffic coming in on any interface on port 96 to be allowed through to the user's IP. How do I set up port forwarding, and have I correctly configured part 1 here?
Question by:netsupport2014
 
LVL 1

Expert Comment

by:Dan130
ID: 39956673
What SonicWall NSA are you running, and what firmware? Install telnet to check if your ports are opened correctly.
0
 

Author Comment

by:netsupport2014
ID: 39956692
Model = TZ 170 Enhanced
Firmware = SonicOS Enhanced 3.2

Telnet not connecting.
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 500 total points
ID: 39957232
You did the first part right by adding the ACL to permit the traffic. Make sure that you did it for the right ACL of WAN>LAN, assuming that the user's machine is located on the LAN zone.

The next step you need to do is set up a NAT policy so that it will automatically forward the correct ports to the host's machine. Below is the gist of accomplishing this:

Log in to the SonicWall.
Create a new NAT policy that will be similar to the settings below:
Original Source: Any
Translated Source: Original
Original Destination: WAN Primary IP
Translated Destination: IP OF YOUR USERS COMPUTER
Original Service: PORT NUMBER YOUR HOST IS Listening on (96)
Translated Service: Original
Inbound Interface: X1
Outbound Interface: Any
0
 

Author Comment

by:netsupport2014
ID: 39957360
I have done that to the best of my knowledge now and sadly still no luck.

To confirm, I can browse to this PC internally from another machine using http://192.168.1.37:96/logon and I get the splash screen.

After adding the rules and policy above I still can't access the splash screen from an outside site.
Using http://87.xxx.xxx.114:96/logon from my browser as a test.

Telnetting and scanning using http://www.yougetsignal.com/tools/open-ports/ are saying port 96 is still closed. Am I missing something?

[Attachments: NAT, Access Rule, testing]
0

 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39957816
On your NAT policy, try adjusting it so that the interfaces are specific, such that incoming is your external/public interface and outgoing is the internal/private interface that your host connects to.
0
 

Author Comment

by:netsupport2014
ID: 39957904
Tried setting Incoming as WAN and Outgoing as LAN but still no joy. Could there be something overriding this rule?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39958580
There could be a prior ACL that is matching the traffic based on the criteria. If you hover your mouse over the "statistics icon" on your ACL (looks like little bar graphs), this will let you know if your ACL is having any matches, if these numbers increment. I would look at your ACL list for WAN>LAN to see what is before it and, if possible, move the ACL up towards the top. You could always add a temporary permit Any/Any to see if the NAT policy works; this will let you know if it is something with the firewall or if this is something with the NAT policy/something else causing the issue.

Also try looking at the logs when you attempt to do this to see if there is anything that jumps out at you showing where the traffic is denied.

I also just looked at my SonicWALL and I see that on my firewall I have Any Source and Any Destination, then my associated services. Perhaps try this and see what your outcome will be. SonicWALLs tend to act oddly at times, so be sure to change one thing at a time and then test it out so you know exactly what change resolved the issue.

Be sure to post back your findings.
0
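The "prior ACL matching the traffic" case from the comment above, as an added example that is not part of the original thread and is not SonicOS code: a simplified first-match model of an ordered rule list that reports which earlier rule hides a later one. The rule names, the source address and the `wan-primary-ip` label are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    source: str = ANY
    destination: str = ANY
    port: object = ANY       # int or ANY

    def matches(self, src, dst, port):
        return (self.source in (ANY, src) and self.destination in (ANY, dst)
                and self.port in (ANY, port))

def decide(rules, src, dst, port):
    """Return (action, rule name) of the first matching rule; no match means deny."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return "deny", "implicit-default"

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    pairs = ((a.source, b.source), (a.destination, b.destination), (a.port, b.port))
    return all(x == ANY or x == y for x, y in pairs)

def shadowed(rules):
    """(earlier, later) pairs where the later rule can never be reached."""
    return [(e.name, r.name) for i, r in enumerate(rules)
            for e in rules[:i] if covers(e, r)]

# Constructed rule lists for a WAN>LAN zone pair (assumed names, not from the page).
BLOCK_ALL = Rule("block-inbound", "deny")
ALLOW_96 = Rule("allow-tcp-96", "allow", port=96)
BROKEN = [BLOCK_ALL, ALLOW_96]                      # permit sits below a broad deny
FIXED = [ALLOW_96, BLOCK_ALL]                       # permit moved towards the top
TEMP = [Rule("temp-any-any", "allow")] + FIXED      # temporary test rule left in place
PACKET = ("203.0.113.10", "wan-primary-ip", 96)     # constructed outside client

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED), ("temp", TEMP)):
        print(label, decide(rules, *PACKET), shadowed(rules))
```

The `TEMP` list shows why a temporary Any/Any permit has to be deleted once the test is done: it shadows every rule beneath it, including the deny.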
 

Author Comment

by:netsupport2014
ID: 39960152
Great stuff. After doing the reviews you suggested I spotted the problem. I think, because I had tried to get it working so many times, I forgot to retrace steps and made too many changes all at once. So I went back to the start and it's working now. Thanks a lot for your help!
0
