SonicOSX 7 Network Firewall

Dynamic Ports

To configure dynamic ports:

  1. Navigate to Firewall > Firewall > Advanced.
  2. Scroll to Dynamic Ports.

  3. From Enable FTP Transformations for TCP port(s) in Service Object, select the service group to enable FTP transformations for a particular service object. By default, service group FTP (All) is selected.

  4. FTP operates on TCP ports 20 and 21, where port 21 is the control port and port 20 is the data port. When FTP runs on non-standard ports (for example, 2020 or 2121), however, SonicWall drops the packets by default because it cannot identify them as FTP traffic. The Enable FTP Transformations for TCP port(s) in Service Object option allows you to select a Service Object that specifies a custom control port for FTP traffic.

    To illustrate how this feature works, consider the following example of an FTP server behind the SonicWall listening on port 2121.

    1. On the Object > Match Objects > Addresses page, create an Address Object for the private IP address of the FTP server with the following values:

      • Name: FTP Server Private

      • Zone: LAN

      • Type: Host

      • IP Address: 192.168.168.2

    2. On the Object > Match Objects > Services page, create a custom service for the FTP Server with the following values:

      • Name: FTP Custom Port Control

      • Protocol: TCP(6)

      • Port Range: 2121 - 2121

    3. On the Policy > Rules and Policies > NAT Policy page, create a NAT Policy:

    4. On the Policy > Rules and Policies > Security Policy page, create the Access Rule:

    5. On the Network > Firewall > Advanced > Dynamic Ports page, from Enable FTP Transformations for TCP port(s) in Service Object, select the FTP Custom Port Control Service Object.

  5. If you have Oracle9i or earlier applications on your network, select Enable support for Oracle (SQLNet). This option is not selected by default.

    For Oracle10g or later applications, it is recommended that this option not be selected.

    For Oracle9i and earlier applications, the data channel port is different from the control connection port. When this option is enabled, a SQLNet control connection is scanned for a data channel being negotiated. When a negotiation is found, a connection entry for the data channel is created dynamically, with NAT applied if necessary. Within SonicOSX, the SQLNet and data channel are associated with each other and treated as a session.

    For Oracle10g and later applications, the two ports are the same, so the data channel port does not need to be tracked separately; thus, the option does not need to be enabled.

  6. To support on-demand delivery of real-time data, such as audio and video, select Enable RTSP Transformations. RTSP (Real Time Streaming Protocol) is an application-level protocol for control over delivery of data with real-time properties. This option is selected by default.
  7. Click Accept.
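
What an FTP transformation has to do on the control channel, as an added sketch that is not SonicOSX code: read the data-channel address negotiated in a `PORT` command or `227` reply (RFC 959), rewrite it for NAT, and record the data port to allow. The public address `203.0.113.10`, the NAT table, the function name and the same-sender check are assumptions made for this example.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 replies (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Assumed NAT policy: private address from the page -> constructed public one
NAT = {"192.168.168.2": "203.0.113.10"}


def transform(line, sender_ip, control_port, ftp_ports):
    """Inspect one control-channel line sent by sender_ip.

    Returns (line_to_forward, pinhole); pinhole is the (ip, port) of the
    negotiated data channel, or None if no data channel was recognised.
    """
    if control_port not in ftp_ports:
        return line, None                 # port not marked as FTP: no inspection
    if not (line.startswith("227 ") or line.upper().startswith("PORT ")):
        return line, None
    m = HOSTPORT.search(line)
    if m is None:
        return line, None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return line, None                 # malformed advertisement
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]        # data port = p1 * 256 + p2
    if ip != sender_ip:
        return line, None                 # example policy: sender's own address only
    public = NAT.get(ip, ip).split(".")
    hostport = ",".join(public + [str(nums[4]), str(nums[5])])
    return line[:m.start()] + hostport + line[m.end():], (ip, port)


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,168,168,2,195,80)."   # constructed
    print(transform(reply, "192.168.168.2", 2121, {2121}))
    print(transform(reply, "192.168.168.2", 2121, {21}))
```

With port 2121 absent from the set of FTP control ports, the reply passes through uninspected and no data-channel entry exists, which is the default drop behaviour described in step 4.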
