Thursday, September 19, 2013

Port Forwarding with SonicWALL Firewall TZ 200

Port forwarding changes the destination IP address of incoming traffic to an IP address and port behind the firewall.
You can manually open individual ports to allow services (web server, FTP, email, Terminal Services, VNC, etc.) from the Internet to reach a server behind the SonicWALL firewall.

To open ports to a server, follow the steps below:
  1. Creating a Custom Service or Services.
  2. Creating the necessary Address Objects.
  3. Defining the appropriate NAT Policies (Inbound, Outbound, and Loopback).
  4. Creating the necessary WAN zone access rules for public access.
The following example covers allowing "TightVNC" from the Internet to reach a server on the LAN with a private IP address.

Procedure:

Step 1: Creating a Custom Service for "TightVNC".
  • In the left panel click to expand "Firewall > Services".
  • In the right panel click to select "Custom Services".
  • Under "Services" click the "Add" button.
  • In the "Add Service" window, type the following data:
          - Name: TightVNC
          - Protocol: expand the drop-down and select "TCP"
          - Port Range: 5900 - 5900
  • Then click on "Add" button.
Step 2: Creating the necessary "Address Objects".
  • In the left panel click to expand "Network > Address Objects".
  • Click on "Add" button to create "Server IP on LAN" Address Object.
  • In the "Network Security Appliance" window, type the following data:
          - Name: TightVNC Private
          - Zone Assignment: LAN
          - Type: Host
          - IP Address: "Here type the Server or Computer IP address" e.g: 192.168.1.34
  • Click "OK" button to create the "Server IP on LAN" Address Object.
Now create the second Address Object:
  • Click on "Add" button to create "Public IP" Address Object.
  • In the "Network Security Appliance" window, type the following data:
          - Name: TightVNC Public
          - Zone Assignment: WAN
          - Type: Host
          - IP Address: "Here type the Public IP address" e.g: 1.1.1.1
  • Click "OK" button to create the "Public IP" Address Object.
Step 3: Defining NAT Policies.
  • In the left panel click to expand "Network > NAT Policies".
  • Click on "Add" button to create "NAT Policy" and choose the following settings from the drop-down menus:
          - Original Source: Any
          - Translated Source: Original
          - Original Destination: TightVNC Public
          - Translated Destination: TightVNC Private
          - Original Service: TightVNC
          - Translated Service: Original
          - Inbound Interface: Any
          - Outbound Interface: Any
          - Comment: TightVNC behind SonicWALL
  • Click to check "Enable NAT Policy"
  • Click to check "Create a reflexive policy". When you check this box, a mirror outbound NAT policy for the policy you defined in the Add NAT Policy window is created automatically.
  • Click "Add" button.
If you wish to access this server from other internal zones using the public IP address 1.1.1.1, consider creating a Loopback NAT Policy.
  • Click on "Add" button to create "Loopback Policy" and choose the following settings from the drop-down menus:
          - Original Source: Firewalled Subnets
          - Translated Source: TightVNC Public
          - Original Destination: TightVNC Public
          - Translated Destination: TightVNC Private
          - Original Service: TightVNC
          - Translated Service: Original
          - Inbound Interface: Any
          - Outbound Interface: Any
          - Comment: Loopback Policy
  • Click to check "Enable NAT Policy"
  • Uncheck "Create a reflexive policy".
  • Click "Add" button.
Step 4: Creating Firewall Access Rules.
  • In the left panel click to expand "Firewall > Access Rules" tab.
  • In view style click to select "Matrix".
  • Click to select "From: WAN to: LAN".
  • Click "Add" button.
  • In the "Add Rule" window, enter the following into the fields:
          - Action: Click to check "Allow"
          - From Zone: WAN
          - to Zone: LAN
          - Service: TightVNC
          - Source: Any
          - Destination: TightVNC Public
          - Users Allowed: All
          - Schedule: Always on
          - Comment: Server behind SonicWALL
  • Click to check "Enable Logging" and "Allow Fragmented Packets".
  • Click on "OK" button.
Now install TightVNC on your PC or server, then go to http://www.yougetsignal.com/tools/open-ports/ and check whether your port is open.
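To see how the three NAT policies from Step 3 and the access rule from Step 4 act together on real traffic, here is an added Python model (not part of the original post and not SonicWALL software) that applies them to sample packets. The object names, addresses and service are the ones from the walkthrough; the LAN range 192.168.1.0/24 behind "Firewalled Subnets" and the reflexive policy's "Any" service are assumptions.

```python
from ipaddress import ip_address, ip_network

# Address objects from Step 2 (values from the post). "Firewalled Subnets" and
# "Any" are SonicWALL built-ins; the LAN range 192.168.1.0/24 is an assumption.
ADDRESS_OBJECTS = {
    "TightVNC Public": ip_network("1.1.1.1/32"),
    "TightVNC Private": ip_network("192.168.1.34/32"),
    "Firewalled Subnets": ip_network("192.168.1.0/24"),
    "Any": ip_network("0.0.0.0/0"),
}
# Custom service from Step 1; "Any" matches every protocol and port.
SERVICES = {"TightVNC": ("tcp", 5900), "Any": None}

# NAT policies from Step 3 as (orig_src, xlat_src, orig_dst, xlat_dst, orig_svc, comment).
# The loopback policy is listed first because it is more specific than the inbound
# policy: if the inbound policy matched LAN-sourced traffic, only the destination
# would be rewritten and the server would answer the LAN client directly,
# bypassing the firewall. The reflexive policy is the mirror SonicWALL generates
# when "Create a reflexive policy" is checked (its service is assumed to be Any).
NAT_POLICIES = [
    ("Firewalled Subnets", "TightVNC Public", "TightVNC Public", "TightVNC Private", "TightVNC", "Loopback Policy"),
    ("Any", "Original", "TightVNC Public", "TightVNC Private", "TightVNC", "TightVNC behind SonicWALL"),
    ("TightVNC Private", "TightVNC Public", "Any", "Original", "Any", "reflexive policy"),
]
# Access rule from Step 4: WAN -> LAN, Source Any, Destination TightVNC Public, Service TightVNC.
ACCESS_RULES = [("Any", "TightVNC Public", "TightVNC")]

def _addr_match(obj, ip):
    return ip_address(ip) in ADDRESS_OBJECTS[obj]

def _svc_match(obj, proto, port):
    return SERVICES[obj] is None or SERVICES[obj] == (proto, port)

def _resolve(obj, original):
    # "Original" keeps the address untouched; otherwise use the object's host address.
    return original if obj == "Original" else str(ADDRESS_OBJECTS[obj].network_address)

def translate(src, dst, proto, port):
    """Apply the first matching NAT policy; returns (new_src, new_dst, policy comment)."""
    for osrc, xsrc, odst, xdst, osvc, comment in NAT_POLICIES:
        if _addr_match(osrc, src) and _addr_match(odst, dst) and _svc_match(osvc, proto, port):
            return _resolve(xsrc, src), _resolve(xdst, dst), comment
    return src, dst, "no NAT"

def inbound_from_wan(src, dst, proto, port):
    """Packet arriving on the WAN: the access rule is checked against the original
    (pre-NAT) destination, which is why the post's rule uses 'TightVNC Public'."""
    for rsrc, rdst, rsvc in ACCESS_RULES:
        if _addr_match(rsrc, src) and _addr_match(rdst, dst) and _svc_match(rsvc, proto, port):
            return ("allowed",) + translate(src, dst, proto, port)
    return ("dropped", src, dst, "no access rule")
```

Because the access rule's Source is "Any", the model lets every Internet address reach port 5900 on the server; replacing that Source with an address object for the hosts that actually need VNC is the simplest way to shrink the exposure.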

Congratulations! Now you can connect remotely using the TightVNC tool.

If you need additional server or network support visit http://www.yourtechstaff.com or call (407) 697 3100