Solved

Configuring sonicwall TZ215 ports for VOIP phone system

Posted on 2016-08-17
7
42 Views
Last Modified: 2016-09-12
Hello, I am trying to configure some ports in a sonicwall TZ-215. I've created services and service groups for some of the ports, although they are not open according to a port scan. I'm sure I am missing something.  I have little knowledge of sonicwalls, so this is something new for me. I need to create some ports and port ranges in TCP, UDP, and RTP for audio. Any advice or info would be great. Once I can get at least one port open, I should be able to handle the rest.
0
Comment
Question by:Jeff Goldbort
  • 3
  • 3
7 Comments
 
LVL 8

Expert Comment

by:J Spoor
ID: 41759886
Opening up ports in a SonicWALL from the outside means
1) create a NAT policy
2) create a Firewall rule

for #2 create the firewall rule on the original packet, not the natted one

e.g.
NAT
src=any, translated (t) src = original
dst = X1 IP (or other public IP), t dst = private IP address server / pbx
srvc = service group with the appropriate VoIP protocols, t srvc = original

the FW rule from WAN to LAN would look like
src = any, dst = public IP, srvc = service group

View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 

Author Comment

by:Jeff Goldbort
ID: 41759956
I've attached the config i made so far, i have a bunch of ports to add but I'm just trying to get the first one going first. as of now it's not working. 192.168.1.50 is the VoIP server IP. trying to get TCP port 4400 open for starters. Thanks for you input.
createdaddressobject.jpg
firewall-rule.jpg
natpolicy.jpg
serviceobject.jpg
0
 
LVL 8

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41759973
1) the object has a private IP address, so it should be zone LAN not WAN?
2) in the NAT policy, destination should be the PUBLIC IP address you want to use, and Translated Destination the PRIVATE IP address
3) for the firewall rule leave SOURCE port to ANY, and set DESTINATION to the PUBLIC IP used in #2

example, using X1 IP
say X1 = 2.2.2.2
say X0 = 192.168.1.1
say PBX = 192.168.1.2

NAT policy
src = ANY, transl src = ORIGINAL
dst = 2.2.2.2, transl dst = 192.168.1.2
srvs = TCP 4400, transl srvc = ORIGINAL

Firewall rule
from zone WAN
to zone LAN
src = ANY
dst = 2.2.2.2
src port = ANY
service = TCP 4400
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 25

Expert Comment

by:Diverse IT
ID: 41764870
Hi Jeff,

The best way to open ports is to use the Wizard located in the top right corner then select Public Servers. This will provide the most complete and comprehensive way to open ports properly. From there you can fine tune it, for example, substituting Service & Access Groups instead of single Address & Service Objects or filtering Sources in Access Rules.

I'd delete the Access Rules and NAT Policies you have setup. They are incorrect. For example, unless you have enabled Outbound Filtering, there is no need to create any LAN>WAN Access Rules because everything is allowed by default.

Let me know how it goes and if you have any other questions!
0
 

Author Comment

by:Jeff Goldbort
ID: 41765321
Thank you. I will look into that. I'll update this question at that time when I get back to working on this issue.
0
 
LVL 8

Expert Comment

by:J Spoor
ID: 41784858
Did it work?
0
 

Author Comment

by:Jeff Goldbort
ID: 41794984
Closing this, as I am no longer working on this issue. Change of work venue for me. Thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: user_n
How Sip Phone (User Agent) works and communicates with sip servers 1.  There is a sip server and a sip registrar.  The sip server and sip registrar can be one server or two different servers. The sip registrar is the server on which it is record…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question