Solved

Opening up ports and Setting up port forwarding on Sonicwall.

Posted on 2014-03-26
8
527 Views
Last Modified: 2014-03-27
It's been a while since I have done FW config.
I need to allow people to access a user's PC on port 96 for a piece of SW they are trialing.
Can you advise on the steps?

I have set up an access rule for traffic coming in on any interface on port 96 to be allowed through to the user's IP. How do I set up port forwarding, and have I correctly configured part 1 here?
Question by:netsupport2014
8 Comments
 
LVL 1

Expert Comment

by:Dan130
ID: 39956673
What SonicWALL NSA are you running, and what firmware? Install telnet to check if the ports are opened correctly.
0
 

Author Comment

by:netsupport2014
ID: 39956692
Model = TZ 170 Enhanced
Firmware = SonicOS Enhanced 3.2

Telnet not connecting.
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 500 total points
ID: 39957232
You did the first part right by adding the ACL to permit the traffic. Make sure that you did it for the right ACL of WAN>LAN, assuming that the user's machine is located on the LAN zone.

The next step you need to do is set up a NAT Policy so that it will automatically forward the correct ports to the host's machine. Below is the gist of accomplishing this:


Log in to the SonicWALL.
Create a new NAT policy that will be similar to the settings below:
  • Original Source: Any
  • Translated Source: Original
  • Original Destination: WAN Primary IP
  • Translated Destination: IP OF YOUR USER'S COMPUTER
  • Original Service: PORT NUMBER YOUR HOST IS LISTENING ON (96)
  • Translated Service: Original
  • Inbound Interface: X1
  • Outbound Interface: Any
0

 

Author Comment

by:netsupport2014
ID: 39957360
I have done that to the best of my knowledge now and sadly still no luck.

To confirm, I can browse to this PC internally from another machine using http://192.168.1.37:96/logon and I get the splash screen.

After adding the rules and policy above I still can't access the splash screen from an outside site.
Using http://87.xxx.xxx.114:96/logon from my browser as a test.

Telnetting and scanning using http://www.yougetsignal.com/tools/open-ports/ are saying port 96 is still closed. Am I missing something?

[Attachments: NAT, Access Rule, testing]
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39957816
On your NAT policy, try adjusting it so that the interfaces are specific, such as incoming is your external/public interface and then your outgoing interface is your internal/private interface that your host connects to.
0
 

Author Comment

by:netsupport2014
ID: 39957904
Tried setting Incoming as WAN and Outgoing as LAN but still no joy. Could there be something overriding this rule?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39958580
There could be a prior ACL that is matching the traffic based on the criteria. If you hover your mouse over the "statistics icon" on your ACL (looks like little bar graphs), this will let you know if your ACL is having any matches if these numbers increment. I would look at your ACL list for WAN>LAN to see what is before it and, if possible, move the ACL up towards the top. You could always add a temporary permit Any/Any to see if the NAT policy works; this will let you know if it is something with the firewall or if this is something with the NAT policy/something else causing the issue.

Also try looking at the logs when you attempt to do this to see if there is anything that jumps out at you showing where the traffic is denied.

I also just looked at my SonicWALL and I see that on my Firewall I have Any Source and Any Destination then my associated services. Perhaps try this and see what your outcome will be. SonicWALLs tend to act oddly at times so be sure to change one thing at a time and then test it out so you know exactly what change resolved the issue.

Be sure to post back your findings.
0
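
The "prior ACL matching the traffic" failure described in the comment above, as an added example that is not part of the original thread and is not SonicOS code. It assumes a simplified first-match rule list; the rule names, the deny rule and the 203.0.113.10 test source are constructed, and 192.168.1.37 port 96 comes from the question.

```python
# Added illustration: simplified first-match ACL model (an assumption, not SonicOS's engine).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str      # hypothetical label
    action: str    # "allow" or "deny"
    src: str       # CIDR; "0.0.0.0/0" stands for Any
    dst: str       # CIDR
    ports: range   # destination TCP ports covered

    def matches(self, src_ip, dst_ip, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and port in self.ports)

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)

def decide(rules, src_ip, dst_ip, port):
    """Return (action, rule name) of the first matching rule; default deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action, rule.name
    return "deny", "implicit-default"

def shadowed(rules):
    """Pairs (later rule, earlier rule) where the earlier rule fully covers the later."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed WAN>LAN list: a broad deny sits above the new permit for port 96.
WAN_TO_LAN = [
    Rule("block-low-ports", "deny", "0.0.0.0/0", "0.0.0.0/0", range(1, 1024)),
    Rule("allow-app-96", "allow", "0.0.0.0/0", "192.168.1.37/32", range(96, 97)),
]
# Same rules with the narrow permit moved to the top.
REORDERED = [WAN_TO_LAN[1], WAN_TO_LAN[0]]

if __name__ == "__main__":
    print(decide(WAN_TO_LAN, "203.0.113.10", "192.168.1.37", 96))
    print(shadowed(WAN_TO_LAN))
    print(decide(REORDERED, "203.0.113.10", "192.168.1.37", 96))
```

In this model, moving the narrow permit above the deny opens port 96 to the one host while every other low port stays blocked, so the ordering can be confirmed without a permit Any/Any rule.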
 

Author Comment

by:netsupport2014
ID: 39960152
Great stuff. After doing the reviews you suggested I spotted the problem. I think because I had tried to get it working so many times, I forgot to retrace my steps and made too many changes all at once. So I went back to the start and it's working now. Thanks a lot for your help!
0

Question has a verified solution.
