asked on
Configuring sonicwall TZ215 ports for VOIP phone system
Hello, I am trying to configure some ports in a sonicwall TZ-215. I've created services and service groups for some of the ports, although they are not open according to a port scan. I'm sure I am missing something. I have little knowledge of sonicwalls, so this is something new for me. I need to create some ports and port ranges in TCP, UDP, and RTP for audio. Any advice or info would be great. Once I can get at least one port open, I should be able to handle the rest.
Voice Over IPHardware Firewalls
Last Comment
Jeff Goldbort
ASKER
I've attached the config i made so far, i have a bunch of ports to add but I'm just trying to get the first one going first. as of now it's not working. 192.168.1.50 is the VoIP server IP. trying to get TCP port 4400 open for starters. Thanks for you input.
createdaddressobject.jpg
firewall-rule.jpg
natpolicy.jpg
serviceobject.jpg
createdaddressobject.jpg
firewall-rule.jpg
natpolicy.jpg
serviceobject.jpg
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hi Jeff,
The best way to open ports is to use the Wizard located in the top right corner then select Public Servers. This will provide the most complete and comprehensive way to open ports properly. From there you can fine tune it, for example, substituting Service & Access Groups instead of single Address & Service Objects or filtering Sources in Access Rules.
I'd delete the Access Rules and NAT Policies you have setup. They are incorrect. For example, unless you have enabled Outbound Filtering, there is no need to create any LAN>WAN Access Rules because everything is allowed by default.
Let me know how it goes and if you have any other questions!
The best way to open ports is to use the Wizard located in the top right corner then select Public Servers. This will provide the most complete and comprehensive way to open ports properly. From there you can fine tune it, for example, substituting Service & Access Groups instead of single Address & Service Objects or filtering Sources in Access Rules.
I'd delete the Access Rules and NAT Policies you have setup. They are incorrect. For example, unless you have enabled Outbound Filtering, there is no need to create any LAN>WAN Access Rules because everything is allowed by default.
Let me know how it goes and if you have any other questions!
ASKER
Thank you. I will look into that. I'll update this question at that time when I get back to working on this issue.
Did it work?
ASKER
Closing this, as I am no longer working on this issue. Change of work venue for me. Thank you.
1) create a NAT policy
2) create a Firewall rule
for #2 create the firewall rule on the original packet, not the natted one
e.g.
NAT
src=any, translated (t) src = original
dst = X1 IP (or other public IP), t dst = private IP address server / pbx
srvc = service group with the appropriate VoIP protocols, t srvc = original
the FW rule from WAN to LAN would look like
src = any, dst = public IP, srvc = service group
View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com