by lunarg on April 28th 2015, at 15:24

This article is a quick reminder (for myself) on how to properly configure port forwarding on a Dell Sonicwall firewall.

Objects

First, create the address and service objects you need for the port forwarding. If there are multiple addresses or services, create a group and add all the objects to that group.

Address object for a local server

Service group with multiple services

Predefined objects, such as the WAN IP, are already present and do not have to be created again. The advantage of using these predefined objects is that they are dynamic: e.g. if the WAN IP changes, the policies and rules that use this object do not have to be changed.

Once the objects are in place, they can be referenced from the NAT policies.

NAT policies

NAT policies define the actual port forwarding. For a port forward to work properly, three policies have to be defined:

  • Inbound policy: directs and translates the service from WAN to the computer behind the firewall.
  • Outbound policy (also called "reflexive" policy): ensures that outbound traffic from the computer back to WAN (and the client) gets properly directed (and translated if needed).
  • Loopback policy: allows clients behind the firewall to use the WAN IP to connect to the computer which is also behind the firewall. Sonicwall is one of the few firewalls that actually support this without strenuous configuration.

Create the policies like so, referencing the objects you've created earlier.

Inbound policy

Outbound policy

Loopback policy
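
To make the role of each policy concrete, the following Python model (an added example, not part of the original article and not SonicOS configuration) applies the three policies to packets and shows which addresses get rewritten. The addresses, the port set and the first-match ordering are assumptions made for the illustration; `None` stands for "Original" in the translated fields.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (documentation address ranges), not from the article.
WAN_IP = "203.0.113.10"            # stands in for the predefined WAN IP object
SERVER = "192.168.1.20"            # address object for the local server
LAN = ip_network("192.168.1.0/24")
SERVICES = {80, 443}               # stands in for the service group

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def in_lan(addr):
    return ip_address(addr) in LAN

# (name, match, translated source, translated destination); None = "Original".
# The most specific policy is listed first (ordering is an assumption of this model).
POLICIES = [
    # Loopback: LAN client uses the WAN IP. The source is translated too, so the
    # server replies to the firewall instead of answering the client directly.
    ("loopback", lambda p: in_lan(p.src) and p.dst == WAN_IP and p.dport in SERVICES,
     WAN_IP, SERVER),
    # Inbound: WAN client to WAN IP, destination rewritten to the server.
    ("inbound", lambda p: p.dst == WAN_IP and p.dport in SERVICES,
     None, SERVER),
    # Outbound (reflexive): server-initiated traffic leaves with the WAN IP.
    ("outbound", lambda p: p.src == SERVER and not in_lan(p.dst),
     WAN_IP, None),
]

def translate(pkt):
    """Return (policy name, translated packet) for the first matching policy."""
    for name, match, new_src, new_dst in POLICIES:
        if match(pkt):
            return name, Packet(new_src or pkt.src, new_dst or pkt.dst, pkt.dport)
    return None, pkt               # no NAT policy applies

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", WAN_IP, 443),   # internet client
                Packet("192.168.1.50", WAN_IP, 80),    # LAN client via WAN IP
                Packet(SERVER, "198.51.100.7", 50000), # server going out
                Packet("198.51.100.7", WAN_IP, 22)):   # service not forwarded
        print(pkt, "->", translate(pkt))
```

A packet for a port outside the service group matches no policy and is left untranslated, so only the services in the group are forwarded to the server.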

Firewall rules

With the NAT policies in place, you still have to configure the required firewall rule to allow traffic to pass through the firewall. Set the destination address object to the WAN IP address, as it will be enough to accept the traffic for the services on the WAN IP of your firewall. Once the traffic is on the firewall, the NAT policies will do the rest.

You may also have to create an outgoing firewall rule to allow traffic from the computer behind the firewall to WAN. In this case, the source address will be the internal address object of your computer.