How can I open ports or allow access to internal server through the firewall using the Wizards/Quick configuration?

Description

This article explains how to open ports or enable port forwarding or allow access to internal server through the SonicWall for the following options using the Wizards/Quick Configuration Setup:

  • Web Services
  • FTP Services
  • Mail Services
  • Terminal Services
  • Other Services

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


Consider the following example where the server is behind the firewall. This is the server we would like to allow access from outside (WAN).

  1.  The Firewall's WAN IP is 1.1.1.1
  2. The server's private IP is 192.168.1.100
  3. We would like to NAT the firewall's WAN IP (1.1.1.1) to the server IP on LAN IP (192.168.1.100) and vice-versa.
  • To allow access to the server, select the WIZARDS option from the top of the page on the web GUI. This opens up the configuration dialog.

    Image

  • Select Public Server Guide in the following dialog and click Next to proceed.

    Image

  • The following options are available in the next dialog
  1. Web Services: Allows HTTP (TCP port 80) and HTTPS (TCP port 443).
  2. FTP Services: Allows TCP port 21.
  3. Mail Services: Allows SMTP (TCP port 25), POP3 (TCP port 110) and IMAP (TCP port 143).
  4. Terminal Services: Allows RDP (TCP port 3389) and Citrix ICA (TCP port 1494).
  5. Other Services: You can select other services from the drop-down list. This list contains all the service objects and groups on the firewall. You can select this option to add a custom port object or group to the firewall for use. Read more about Service Objects here.

    Image

  • In the following dialog, enter the Private IP address of the server and the name. This is similar to creating an address object.

    EXAMPLE: The server IP will be 192.168.1.100

    Image

  • The next dialog requires the public IP of the server. Predominantly, the private IP is NAT'ed to the SonicWall's WAN IP, but you can also enter a different public IP address if you would like to translate the server to a different IP. For our example, the IP address is 1.1.1.1.

    Image

  • The following dialog lists the configuration that will be added once the wizard is complete.

    Image

  • Select Apply to complete the process.You can verify if the rules and NAT policies have been created by checking under Policy | Rules and Policies| Access Rules | NAT Rules (as shown below).

    Image

    NOTE:     Setup will add one access rules in matrix WAN to LAN to allow traffic from outside to inside and 3 NAT policies for inbound, outbound and loopback translation. Read more about NAT policies here.


    READ MORE: How to open ports or allow access to server without using Wizard/Quick Configuration.


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


Consider the following example where the server is behind the firewall. This is the server we would like to allow access from outside (WAN).

  1.  The Firewall's WAN IP is 1.1.1.1
  2. The server's private IP is 192.168.1.100
  3. We would like to NAT the firewall's WAN IP (1.1.1.1) to the server IP on LAN IP (192.168.1.100) and vice-versa.
  • To allow access to the server, select the QUICK CONFIGURATION option from the top of the page on the web GUI. This opens up the configuration dialog.Image
  • Select Public Server Guide in the following dialog.
    Image

  • The following options are available in the next dialog
  1. Web Services: Allows HTTP (TCP port 80) and HTTPS (TCP port 443).
  2. FTP Services: Allows TCP port 21.
  3. Mail Services: Allows SMTP (TCP port 25), POP3 (TCP port 110) and IMAP (TCP port 143).
  4. Terminal Services: Allows RDP (TCP port 3389) and Citrix ICA (TCP port 1494).
  5. Other Services: You can select other services from the drop-down list. This list contains all the service objects and groups on the firewall. You can select this option to add a custom port object or group to the firewall for use. Read more about Service Objects here.

    Image
  • In the following dialog, enter the IP address of the server and the name. This is similar to creating an address object.

    EXAMPLE: The server IP will be 192.168.1.100

    Image

  • The next dialog requires the public IP of the server. Predominantly, the private IP is NAT'ed to the SonicWall's WAN IP, but you can also enter a different public IP address if you would like to translate the server to a different IP. For our example, the IP address is 1.1.1.1.
    Image

  • The following dialog lists the configuration that will be added once the wizard is complete.

    Image

  • Select Apply to complete the process.You can verify if the rules and NAT policies have been created by checking under Manage | Policies | Rules | Access Rules | NAT Policy (as shown below).

    Image

    NOTE: Setup will add one access rules in matrix WAN to LAN to allow traffic from outside to inside and 3 NAT policies for inbound, outbound and loopback translation. Read more about NAT policies here.

    READ MORE: How to open ports or allow access to server without using Wizard/Quick Configuration.

Related Articles

  • SonicWall UTM throws an error : " Invalid Authentication " Error: SN and EPAID Do Not Match
    Read More
  • Firewall logs show frequent probe status changes after upgrade
    Read More
  • SSO Agent 4.0: Installation, Configurations, and troubleshooting
    Read More

Categories

Firewalls
TZ Series
Networking
Firewalls
NSa Series
Networking
Firewalls
NSv Series
Networking
not finding your answers?
Ask the Community
was this article helpful?
YesNo