Sonicwall - port forwarding

Started by Hans Manhave, February 03, 2020, 06:29:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Hans Manhave

I need to forward some ports through our Sonicwall TZ400 to an internal IP address.

Can anyone tell me how to do that?

Thanks.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Mark

Use the wizard and I think it should be pretty straightforward.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Hans Manhave

Thank you.  I followed the Wizard last week.  It didn't follow me.  Now I am delving into the details and reading the how-to-be-a-wizard-in-30-minutes manual plus the youtube video(s).  There should be a simple way to pick-a-port and send-it-over-there, the end.  But then everyone would be able to do it and the pay rate would go way down.   :)
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Mark

I haven't touched a SW in a while, but the wizard should have setup the NAT policy and pointed the outsize IP:port combo to the inside IP:port combo.

Do you have multiple outside IP addresses?
Is the internal machine on a static IP address?
Are the WAN/LAN zones setup correctly?

This is one of those things that I'd have to look at in order to figure out.  :-\
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Hans Manhave

All is well. 

I had a wizard do it, but he/it/she failed to complete the event in sufficient detail as needed.  I then followed the SW video on this topic which did the job.  I had to do it several times, for each port.  I could criticize the procedure but that wouldn't help any and there is probably a reason to have it the way it is.  I probably need to do it ten more times before I can write the instructions so that is not going to happen.  :)
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Mark

Quote from: FWA on February 04, 2020, 11:25:03 AM
I had a wizard do it

"A" wizard?   ;D

There should have been an option at the top of the page to open ports using the "wizard".   I hate the process of doing it manually in SW because you have to remember to go to multiple areas to set it up and even though that's often the same on other platforms, SW makes it confusing/stupid to me.  I also don't like using Wizards... these are two big reasons why I never liked SW personally.  The other reason is the web interface overall - I do not like web interfaces.  I guess I'm getting old because everything is a web interface now, most other options are being removed and/or dumbed down.  I may even decide to switch to SW as much as it pains me to say it.

Glad you got it figured out!
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

When I did a factory reset of our SW over the holidays, I had this same issue.  It turned out that a device need 2 different ports opened, and I needed to do it for both TCP and UDP traffic on each port.  What I ended up doing was using the wizard to do the forwarding, confirming it worked using an open ports site like YouGetSignal.Com's port forwarding tester, and then editing the "objects" to add both IP addresses to the ports object and then both TCP and UDP to whatever they call the protocols "objects".   

What you soon learn about SonicWall is that EVERY port and protocol is closed unless you open it, or it is opened via a wizard.  I ended up clicking on the hyperlinked items in the NAT section, and saw that there were 5 "rules" for the forwarding on another port that was working correctly, and I was missing one rule.   I now print all of the rules, NAT, Objects, etc.... so I have a record of what I did and how I did it.  Lesson learned. 
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Quote from: Jeff Zylstra on February 04, 2020, 01:27:07 PM
What you soon learn about SonicWall is that EVERY port and protocol is closed unless you open it

This should be for every firewall, not just sw.  That is what they do.  ALL ports are closed for INCOMING connections unless they are specifically opened.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Tom Fisher

If you're keeping active subscriptions on your SW stuff, give support a call next time.  They will help you with basic configuration issues in a snap.  If you call outside of regular hours you rarely have to wait too.
Tom Fisher
The Tech Frood
tom@techfrood.com
www.techfrood.com