Backtrack:  
 
by lunarg on April 28th 2015, at 15:24

This article is a quick reminder (for myself) on how to properly configure port forwarding on a Dell Sonicwall firewall.

Objects

First, create the address and services objects you need for the port forwarding. In case of multiple addresses or services, create a group and add all objects in that group.

Address object for a local server

Service group with multiple services

Predefined objects, such as the WAN IP are already present and do not have to be created again. Also, the advantage of using these predefined objects is that they are dynamic: e.g. if the WAN IP changes, the policies and rules that use this object will not have to be changed.

Once the objects are in place, they can be referenced from the NAT policies.

NAT policies

NAT policies define the actual port forwarding. For a port forwarding to work properly, there are 3 policies that have to be defined:

  • Inbound policy: directs and translates the service from WAN to the computer behind the firewall.
  • Outbound policy (also called "reflexive" policy): outbound traffic from the computer back to WAN (and the client) gets properly directed (and translated if needed).
  • Loopback policy: allows clients behind the firewall to use the WAN IP to connect to the computer which is also behind the firewall. Sonicwall is one of the few firewalls that actually support this without strenuous configuration.

Create the policies like so, referencing the objects you've created earlier.

Inbound policy

Outbound policy

Loopback policy

Firewall rules

With the NAT policies in place, you still have to configure the required firewall rule to allow traffic to pass through the firewall. Set the destination address object to the WAN IP address, as it will be enough to accept the traffic for the services on the WAN IP of your firewall. Once the traffic is on the firewall, the NAT policies will do the rest.

You may also have to create an outgoing firewall rule to allow traffic from the computer behind the firewall to WAN. In this case, the source address will be the internal address object of your computer.

 
 
« December 2024»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
293031    
 
Links
 
Quote
« When a bird does poo poo in your eye, be happy elephants don't fly. »