Solved

Configuring sonicwall TZ215 ports for VOIP phone system

Posted on 2016-08-17
7
25 Views
Last Modified: 2016-09-12
Hello, I am trying to configure some ports in a sonicwall TZ-215. I've created services and service groups for some of the ports, although they are not open according to a port scan. I'm sure I am missing something.  I have little knowledge of sonicwalls, so this is something new for me. I need to create some ports and port ranges in TCP, UDP, and RTP for audio. Any advice or info would be great. Once I can get at least one port open, I should be able to handle the rest.
0
Comment
Question by:Jeff Goldbort
  • 3
  • 3
7 Comments
 
LVL 5

Expert Comment

by:JSpoor
ID: 41759886
Opening up ports in a SonicWALL from the outside means
1) create a NAT policy
2) create a Firewall rule

for #2 create the firewall rule on the original packet, not the natted one

e.g.
NAT
src=any, translated (t) src = original
dst = X1 IP (or other public IP), t dst = private IP address server / pbx
srvc = service group with the appropriate VoIP protocols, t srvc = original

the FW rule from WAN to LAN would look like
src = any, dst = public IP, srvc = service group

View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 

Author Comment

by:Jeff Goldbort
ID: 41759956
I've attached the config i made so far, i have a bunch of ports to add but I'm just trying to get the first one going first. as of now it's not working. 192.168.1.50 is the VoIP server IP. trying to get TCP port 4400 open for starters. Thanks for you input.
createdaddressobject.jpg
firewall-rule.jpg
natpolicy.jpg
serviceobject.jpg
0
 
LVL 5

Accepted Solution

by:
JSpoor earned 500 total points
ID: 41759973
1) the object has a private IP address, so it should be zone LAN not WAN?
2) in the NAT policy, destination should be the PUBLIC IP address you want to use, and Translated Destination the PRIVATE IP address
3) for the firewall rule leave SOURCE port to ANY, and set DESTINATION to the PUBLIC IP used in #2

example, using X1 IP
say X1 = 2.2.2.2
say X0 = 192.168.1.1
say PBX = 192.168.1.2

NAT policy
src = ANY, transl src = ORIGINAL
dst = 2.2.2.2, transl dst = 192.168.1.2
srvs = TCP 4400, transl srvc = ORIGINAL

Firewall rule
from zone WAN
to zone LAN
src = ANY
dst = 2.2.2.2
src port = ANY
service = TCP 4400
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 24

Expert Comment

by:diverseit
ID: 41764870
Hi Jeff,

The best way to open ports is to use the Wizard located in the top right corner then select Public Servers. This will provide the most complete and comprehensive way to open ports properly. From there you can fine tune it, for example, substituting Service & Access Groups instead of single Address & Service Objects or filtering Sources in Access Rules.

I'd delete the Access Rules and NAT Policies you have setup. They are incorrect. For example, unless you have enabled Outbound Filtering, there is no need to create any LAN>WAN Access Rules because everything is allowed by default.

Let me know how it goes and if you have any other questions!
0
 

Author Comment

by:Jeff Goldbort
ID: 41765321
Thank you. I will look into that. I'll update this question at that time when I get back to working on this issue.
0
 
LVL 5

Expert Comment

by:JSpoor
ID: 41784858
Did it work?
0
 

Author Comment

by:Jeff Goldbort
ID: 41794984
Closing this, as I am no longer working on this issue. Change of work venue for me. Thank you.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now