Solved

Configuring sonicwall TZ215 ports for VOIP phone system

Posted on 2016-08-17
7
55 Views
Last Modified: 2016-09-12
Hello, I am trying to configure some ports in a sonicwall TZ-215. I've created services and service groups for some of the ports, although they are not open according to a port scan. I'm sure I am missing something.  I have little knowledge of sonicwalls, so this is something new for me. I need to create some ports and port ranges in TCP, UDP, and RTP for audio. Any advice or info would be great. Once I can get at least one port open, I should be able to handle the rest.
0
Comment
Question by:Jeff Goldbort
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 8

Expert Comment

by:J Spoor
ID: 41759886
Opening up ports in a SonicWALL from the outside means
1) create a NAT policy
2) create a Firewall rule

for #2 create the firewall rule on the original packet, not the natted one

e.g.
NAT
src=any, translated (t) src = original
dst = X1 IP (or other public IP), t dst = private IP address server / pbx
srvc = service group with the appropriate VoIP protocols, t srvc = original

the FW rule from WAN to LAN would look like
src = any, dst = public IP, srvc = service group

View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 

Author Comment

by:Jeff Goldbort
ID: 41759956
I've attached the config i made so far, i have a bunch of ports to add but I'm just trying to get the first one going first. as of now it's not working. 192.168.1.50 is the VoIP server IP. trying to get TCP port 4400 open for starters. Thanks for you input.
createdaddressobject.jpg
firewall-rule.jpg
natpolicy.jpg
serviceobject.jpg
0
 
LVL 8

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41759973
1) the object has a private IP address, so it should be zone LAN not WAN?
2) in the NAT policy, destination should be the PUBLIC IP address you want to use, and Translated Destination the PRIVATE IP address
3) for the firewall rule leave SOURCE port to ANY, and set DESTINATION to the PUBLIC IP used in #2

example, using X1 IP
say X1 = 2.2.2.2
say X0 = 192.168.1.1
say PBX = 192.168.1.2

NAT policy
src = ANY, transl src = ORIGINAL
dst = 2.2.2.2, transl dst = 192.168.1.2
srvs = TCP 4400, transl srvc = ORIGINAL

Firewall rule
from zone WAN
to zone LAN
src = ANY
dst = 2.2.2.2
src port = ANY
service = TCP 4400
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Expert Comment

by:Diverse IT
ID: 41764870
Hi Jeff,

The best way to open ports is to use the Wizard located in the top right corner then select Public Servers. This will provide the most complete and comprehensive way to open ports properly. From there you can fine tune it, for example, substituting Service & Access Groups instead of single Address & Service Objects or filtering Sources in Access Rules.

I'd delete the Access Rules and NAT Policies you have setup. They are incorrect. For example, unless you have enabled Outbound Filtering, there is no need to create any LAN>WAN Access Rules because everything is allowed by default.

Let me know how it goes and if you have any other questions!
0
 

Author Comment

by:Jeff Goldbort
ID: 41765321
Thank you. I will look into that. I'll update this question at that time when I get back to working on this issue.
0
 
LVL 8

Expert Comment

by:J Spoor
ID: 41784858
Did it work?
0
 

Author Comment

by:Jeff Goldbort
ID: 41794984
Closing this, as I am no longer working on this issue. Change of work venue for me. Thank you.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question