
Configuring SonicWALL Port Forwarding


SonicWALL TZ200 firewall configuration


VPN
Configuring Port Forwarding with the SonicWALL
Product SonicOS Standard and Enhanced

Introduction

This tech note provides information on how to configure your SonicWALL firewall for port forwarding of FTP, SMTP and DNS. Port forwarding is used when you have internal servers that need to be accessible by the public and you have limited public IP addresses, so a one-to-one NAT is not possible or not desired. In this scenario, only one public IP address is given, and it is assigned to the SonicWALL WAN interface. However, we have three servers, one running FTP, one running SMTP and one running DNS, that need to be accessible by the public, as illustrated in the diagram below.

Co

Configuration

• Port forwarding for FTP with Standard firmware:
  1. In the Management UI, click on Firewall and open the Access Rules settings page.
  2. Click on Add.
  3. In the Rule Setting window, configure the following.
      Action: Allow
      Service: FTP
      Source: *
      Address Range: *
      Destination: LAN
      Address Range: 192.168.168.10
      Comment: Port Forwarding for FTP server.
  4. Click on OK.

• Port forwarding for SMTP with Standard firmware:
  1. In the Management UI, click on Firewall and open the Access Rules settings page.
  2. Click on Add.
  3. In the Rule Setting window, configure the following.
      Action: Allow
      Service: Send E-Mail (SMTP)
      Source: *
      Address Range: *
      Destination: LAN
      Address Range: 192.168.168.11
      Comment: Port Forwarding for SMTP server.
  4. Click on OK.

• Port forwarding for DNS with Standard firmware:
  1. In the Management UI, click on Firewall and open the Access Rules settings page.
  2. Click on Add.
  3. In the Rule Setting window, configure the following.
      Action: Allow
      Service: Name Service (DNS)
      Source: *
      Address Range: *
      Destination: LAN
      Address Range: 192.168.168.12
      Comment: Port Forwarding for DNS server.
  4. Click on OK.

• Port forwarding for FTP with Enhanced firmware:
  1. In the Management UI, click on Firewall and open the Access Rules settings page.
  2. In the Access Rules matrix, click on from WAN to LAN.
  3. Click on Add.
  4. In the Rule Setting window, configure the following.
      Action: Allow
      Service: FTP (ALL)
      Source: Any
      Destination: WAN Interface IP
      Comment: Port Forwarding for FTP server.
  5. Click on OK.
  6. In the Management UI, click on Network and open the Address Objects page.
  7. In the Address Objects section, click on Add.
  8. In the Address Object window, configure the following.
      Name: FTP Server
      Zone Assignment: LAN
      Type: Host
      IP Address: <IP address of server>
  9. Click on OK.
  10. In the Management UI, click on Network and open the NAT Policies page.
  11. Click on Add.
  12. In the NAT Policy Settings window, configure the following.
      Original Source: Any
      Translated Source: Original
      Original Destination: WAN Interface IP
      Translated Destination: FTP Server <Address Object created in Steps 6-9>
      Original Service: FTP (ALL)
      Translated Service: Original
      Inbound Interface: WAN
      Outbound Interface: Any
      Comment: Port Forwarding for FTP server.
      Enable NAT Policy: Checked
  13. Click on OK.

• Port forwarding for SMTP with Enhanced firmware:
  1. In the Management UI, click on Firewall and open the Access Rules settings page.
  2. In the Access Rules matrix, click on from WAN to LAN.
  3. Click on Add.
  4. In the Rule Setting window, configure the following.
      Action: Allow
      Service: SMTP (Send E-Mail)
      Source: Any
      Destination: WAN Interface IP
      Comment: Port Forwarding for SMTP server.
  5. Click on OK.
  6. In the Management UI, click on Network and open the Address Objects page.
  7. In the Address Objects section, click on Add.
  8. In the Address Object window, configure the following.
      Name: SMTP Server
      Zone Assignment: LAN
      Type: Host
      IP Address: 192.168.168.11
  9. Click on OK.
  10. In the Management UI, click on Network and open the NAT Policies page.
  11. Click on Add.
  12. In the NAT Policy Settings window, configure the following.
      Original Source: Any
      Translated Source: Original
      Original Destination: WAN Interface IP
      Translated Destination: SMTP Server <Address Object created in Steps 6-9>
      Original Service: SMTP (Send E-Mail)
      Translated Service: Original
      Inbound Interface: WAN
      Outbound Interface: Any
      Comment: Port Forwarding for SMTP server.
      Enable NAT Policy: Checked
  13. Click on OK.

• Port forwarding for DNS with Enhanced firmware:
  1. In the Management UI, click on Firewall and open the Access Rules settings page.
  2. In the Access Rules matrix, click on from WAN to LAN.
  3. Click on Add.
  4. In the Rule Setting window, configure the following.
      Action: Allow
      Service: DNS (Name Service)
      Source: Any
      Destination: WAN Interface IP
      Comment: Port Forwarding for DNS server.
  5. Click on OK.
  6. In the Management UI, click on Network and open the Address Objects page.
  7. In the Address Objects section, click on Add.
  8. In the Address Object window, configure the following.
      Name: DNS (Name Service)
      Zone Assignment: LAN
      Type: Host
      IP Address: 192.168.168.12
  9. Click on OK.
  10. In the Management UI, click on Network and open the NAT Policies page.
  11. Click on Add.
  12. In the NAT Policy Settings window, configure the following.
      Original Source: Any
      Translated Source: Original
      Original Destination: WAN Interface IP
      Translated Destination: DNS Server <Address Object created in Steps 6-9>
      Original Service: DNS (Name Service)
      Translated Service: Original
      Inbound Interface: WAN
      Outbound Interface: Any
      Comment: Port Forwarding for DNS server.
      Enable NAT Policy: Checked
  13. Click on OK.

Verification

• Once the configuration is completed, you should be able to access the appropriate server from the Internet via the WAN IP address of the firewall and the type of service.

Troubleshooting

• Make sure the service is started on the server and is listening on the correct port.
• Check the firewall access rules to make sure there are no rules with a higher priority than the rules you created above that will deny the access from the public.
• If you are using Enhanced firmware, in the Management UI, click on Network and open the NAT Policies page. Then go to the NAT policy you created and click on the Traffic Statistic icon as depicted in the picture below. The counters should increment as you test your port forwarding configurations. If the counters do not increment, check the NAT policies above it to make sure that no other higher-priority policy is affecting it.
• Check the firewall logs to see if there are any dropped packets pertaining to the port forwarding you configured. The logs can be viewed by going to Log > View in the Management UI.

Related Documents

For more information, refer to the following SonicWALL Technotes on www.sonicwall.com/support/documentation:

  1. SonicOS Enhanced: Using a Secondary Public IP Range for NAT
  2. SonicOS Enhanced: Configuring the SonicWALL DHCP for GVC
  3. Configuring the SonicWALL DHCP for GVC
  4. Terminating the WAN GroupVPN and Using VPN Access in SonicOS Enhanced
  5. Terminating the WAN GroupVPN to the LAN/DMZ using SonicOS Standard
  6. Typical DMZ Setups with FTP, SMTP, and DNS Servers
  7. Using the SonicOS Enhanced Wizard To Configure a Public Server
  8. Common Issues with GVC
  9. Network Browsing with IP Helper NetBIOS Relay
  10. Creating One-to-One NAT Policies in SonicOS Enhanced
  11. SonicOS Enhanced: Three Types of Network Modes

Document Last Updated: 11/06/06
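
The Verification step and the first Troubleshooting checks, as an added example that is not part of the original tech note: a Python probe, run from a host on the Internet side, that tests the three forwarded services on the WAN IP and separates a refused connection from no answer at all. The WAN address 203.0.113.10 is a placeholder, and the function names and the query name example.com are this example's own.

```python
import socket
import struct
WAN_IP = "203.0.113.10"  # placeholder (RFC 5737); use your firewall's WAN IP

def probe_tcp(host, port, banner=None, timeout=3.0):
    """Classify one forwarded TCP service as seen from outside the firewall."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if banner is None:
                return "open"
            try:
                greeting = s.recv(256)
            except OSError:
                greeting = b""
            return "open" if greeting.startswith(banner) else "open-unexpected-banner"
    except ConnectionRefusedError:
        return "refused"   # usually: forwarded, but the service is not listening
    except OSError:
        return "filtered"  # no answer: check rule priority, NAT counters, logs

def build_dns_query(name, txid):
    """Minimal DNS query: 12-byte header plus one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def probe_dns_udp(host, port=53, name="example.com", txid=0x5157, timeout=3.0):
    """Return 'open' only if a response carrying our transaction ID comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_dns_query(name, txid), (host, port))
            reply, _ = s.recvfrom(512)
        except OSError:
            return "no-answer"
    rid, flags = struct.unpack("!HH", reply[:4]) if len(reply) >= 4 else (None, 0)
    return "open" if rid == txid and flags & 0x8000 else "malformed"

def check_forwards(wan_ip=WAN_IP):  # the three services this tech note forwards
    return {
        "FTP 21/tcp": probe_tcp(wan_ip, 21, banner=b"220"),   # FTP greets with 220
        "SMTP 25/tcp": probe_tcp(wan_ip, 25, banner=b"220"),  # SMTP greets with 220
        "DNS 53/udp": probe_dns_udp(wan_ip),
    }

if __name__ == "__main__":
    for service, state in check_forwards().items():
        print(f"{service:12} {state}")
```

A "refused" result points at the first troubleshooting item (service not started or on the wrong port), while "filtered" or "no-answer" points at the access rule priority, the NAT policy counters and the firewall log.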
