Improve company productivity with a Business Account.Sign Up

x
?
Solved

Configuring sonicwall TZ215 ports for VOIP phone system

Posted on 2016-08-17
7
Medium Priority
?
162 Views
Last Modified: 2016-09-12
Hello, I am trying to configure some ports in a sonicwall TZ-215. I've created services and service groups for some of the ports, although they are not open according to a port scan. I'm sure I am missing something.  I have little knowledge of sonicwalls, so this is something new for me. I need to create some ports and port ranges in TCP, UDP, and RTP for audio. Any advice or info would be great. Once I can get at least one port open, I should be able to handle the rest.
0
Comment
Question by:Jeff Goldbort
  • 3
  • 3
7 Comments
 
LVL 10

Expert Comment

by:J Spoor
ID: 41759886
Opening up ports in a SonicWALL from the outside means
1) create a NAT policy
2) create a Firewall rule

for #2 create the firewall rule on the original packet, not the natted one

e.g.
NAT
src=any, translated (t) src = original
dst = X1 IP (or other public IP), t dst = private IP address server / pbx
srvc = service group with the appropriate VoIP protocols, t srvc = original

the FW rule from WAN to LAN would look like
src = any, dst = public IP, srvc = service group

View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 

Author Comment

by:Jeff Goldbort
ID: 41759956
I've attached the config i made so far, i have a bunch of ports to add but I'm just trying to get the first one going first. as of now it's not working. 192.168.1.50 is the VoIP server IP. trying to get TCP port 4400 open for starters. Thanks for you input.
createdaddressobject.jpg
firewall-rule.jpg
natpolicy.jpg
serviceobject.jpg
0
 
LVL 10

Accepted Solution

by:
J Spoor earned 1500 total points
ID: 41759973
1) the object has a private IP address, so it should be zone LAN not WAN?
2) in the NAT policy, destination should be the PUBLIC IP address you want to use, and Translated Destination the PRIVATE IP address
3) for the firewall rule leave SOURCE port to ANY, and set DESTINATION to the PUBLIC IP used in #2

example, using X1 IP
say X1 = 2.2.2.2
say X0 = 192.168.1.1
say PBX = 192.168.1.2

NAT policy
src = ANY, transl src = ORIGINAL
dst = 2.2.2.2, transl dst = 192.168.1.2
srvs = TCP 4400, transl srvc = ORIGINAL

Firewall rule
from zone WAN
to zone LAN
src = ANY
dst = 2.2.2.2
src port = ANY
service = TCP 4400
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
LVL 31

Expert Comment

by:Blue Street Tech
ID: 41764870
Hi Jeff,

The best way to open ports is to use the Wizard located in the top right corner then select Public Servers. This will provide the most complete and comprehensive way to open ports properly. From there you can fine tune it, for example, substituting Service & Access Groups instead of single Address & Service Objects or filtering Sources in Access Rules.

I'd delete the Access Rules and NAT Policies you have setup. They are incorrect. For example, unless you have enabled Outbound Filtering, there is no need to create any LAN>WAN Access Rules because everything is allowed by default.

Let me know how it goes and if you have any other questions!
0
 

Author Comment

by:Jeff Goldbort
ID: 41765321
Thank you. I will look into that. I'll update this question at that time when I get back to working on this issue.
0
 
LVL 10

Expert Comment

by:J Spoor
ID: 41784858
Did it work?
0
 

Author Comment

by:Jeff Goldbort
ID: 41794984
Closing this, as I am no longer working on this issue. Change of work venue for me. Thank you.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Watch the video to know the simple way to remove or recover or reset lost or forgotten passwords of Outlook PST file. With Kernel Outlook Password Recovery tool such operation is very easy to perform. It is a freeware with limitation to use with 500…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question