• SonicOSX 7
• Advanced
  • Changing Between SonicOS and SonicOSX
    • Changing From Policy to Classic Mode
    • Changing From Classic to Policy Mode
  • Detection Prevention
  • Dynamic Ports
  • Source Routed Packets
  • Access Rule Options
  • IP and UDP Checksum Enforcement
  • Jumbo Frame
  • Connections
  • Control Plane Flood Protection
  • IPv6 Advanced Configuration
• SSL Control
  • Key Features of SSL Control
  • Key Concepts to SSL Control
  • Caveats and Advisories
  • Configuring SSL Control
  • Custom List
  • Enabling SSL Control on Zones
• Cipher Control
  • TLS Ciphers
    • Blocking/Unblocking Ciphers
    • Filtering Ciphers
      • Selecting Display Options
      • Displaying Ciphers by Strength
      • Displaying Ciphers by Block/Unblock
      • Displaying Ciphers by CBC Mode
      • Displaying Ciphers by TLS Protocol Version
  • SSH Ciphers
• Real-Time Black List (RBL) Filter
  • Configuring the RBL Filter
    • Enabling RBL Blocking
    • Adding RBL Services
    • Configuring User-Defined SMTP Server Lists
      • Configuring a White List
      • Configuring a Black List
    • Testing SMTP IP Addresses

Dynamic Ports

To configure dynamic ports:

1. Navigate to Firewall > Firewall > Advanced.

2. Scroll to Dynamic Ports.

   

3. From Enable FTP Transformations for TCP port(s) in Service Object, select the service group to enable FTP transformations for a particular service object. By default, service group FTP (All) is selected.

4. FTP operates on TCP ports 20 and 21, where port 21 is the Control Port and 20 is Data Port. When using non-standard ports (for example, 2020, 2121), however, SonicWall drops the packets by default as it is not able to identify it as FTP traffic. The Enable FTP Transformations for TCP port(s) in Service Object option allows you to select a Service Object to specify a custom control port for FTP traffic.

   To illustrate how this feature works, consider the following example of an FTP server behind the SonicWall listening on port 2121.

   1. On theObject > Match Objects > Addresses page, create an Address Objects for the private IP address of the FTP server with the following values:

      • Name: FTP Server Private

      • Zone: LAN

      • Type: Host

      • IP Address: 192.168.168.2

        

   2. On the Object > Match Objects > Services page, create a custom service for the FTP Server with the following values:

      • Name: FTP Custom Port Control

      • Protocol: TCP(6)

      • Port Range: 2121 - 2121

        

   3. On the Policy > Rules and Policies > NAT Policy page, create a NAT Policy:

   4. On the Policy > Rules and Policies > Security Policy page, create the Access Rule:

   5. On the Network > Firewall > Advanced > Dynamic Portspage, from Enable FTP Transformations for TCP port(s) in Service Object, select the FTP Custom Port Control Service Object.

5. If you have Oracle9i or earlier applications on your network, select Enable support for Oracle (SQLNet). This option is not selected by default.

   For Oracle10g or later applications, it is recommended that this option not be selected.

   For Oracle9i and earlier applications, the data channel port is different from the control connection port. When this option is enabled, a SQLNet control connection is scanned for a data channel being negotiated. When a negotiation is found, a connection entry for the data channel is created dynamically, with NAT applied if necessary. Within SonicOSX, the SQLNet and data channel are associated with each other and treated as a session.

   For Oracle10g and later applications, the two ports are the same, so the data channel port does not need to be tracked separately; thus, the option does not need to be enabled.

6. To support on-demand delivery of real-time data, such as audio and video, select Enable RTSP Transformations. RTSP (Real Time Streaming Protocol) is an application-level protocol for control over delivery of data with real-time properties. This option is selected by default.
7. Click Accept.