Tuesday, January 28, 2014

Port Forwarding on Sonicwall

If you're here, no doubt you've realized that a SonicWall isn't as simple as you'd like it to be.

I hope this guide IS that simple!

In this instance, we're port forwarding. This means the external port is translated to an internal port.

1. Create a Service Object (Network -> Services)
- This is your WAN port, the one that is made up. For instance, if you were forwarding port 9001 to 3389, this is the step where you'd create port 9001.
- Name it with a number so you're not confused, like service1

1b. If the port you're forwarding TO isn't a standard port, you'll want to create it here too. Unlike the port in step 1, this is the 'translated' port, so it doesn't have to be unique. A simple name like "VOIP" or whatever best describes it will work well.

Note: Know the protocol for your service so you can define the port type (TCP, UDP, GRE, etc.).

2. Click the Wizard button at the top

3. Choose Public Server Wizard

4. Set the dropdown box to Other

5. Scroll to the bottom of the "services" list, which appears after you've selected Other, and you'll find the service object from #1

6. Click Next

7. Type a name for the computer and give it a similar number to step #1. Also set an IP address which is outside of your DHCP range.

8. Complete the wizard

9. Browse to Network -> NAT Policies

10. Click on the heading under "service-Original" to sort by services; there should be three entries for your computer

11. Start with the first relevant entry, go down to where it says "translated service", find your TCP service and save. Move to the next entry until you've done all three.

For bonus points, you can create an address object which is a range, so the port isn't open to the world. For instance, our VOIP ports need to be standard, but they don't have to be open to the world, just to the select companies that modify them. So the IP access is limited to those.

Or, you could set a work-hours schedule so that the port is only available during work hours.

Both of these greatly reduce the surface area for attack, though they're not 100% solid.
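To see how the forward, the address range and the schedule combine, here is a small Python model (an added example, not SonicOS code or configuration, and it ignores how the firewall orders its policies). Only the 9001 -> 3389 mapping comes from this guide; the LAN address, the source range, the 08:00-18:00 weekday schedule and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address

@dataclass(frozen=True)
class ForwardRule:
    original_port: int        # WAN-side service object (step 1)
    translated_port: int      # LAN-side service (step 1b)
    lan_host: IPv4Address     # server address entered in the wizard (step 7)
    src_start: IPv4Address    # address object range: first allowed source
    src_end: IPv4Address      # address object range: last allowed source
    open_from: time           # schedule start
    open_until: time          # schedule end
    weekdays: frozenset = frozenset(range(5))  # Monday-Friday

def evaluate(rule, src_ip, dst_port, when):
    """Return (verdict, target); target is (host, port) only when forwarded."""
    if dst_port != rule.original_port:
        return ("drop: no matching service", None)
    if not rule.src_start <= IPv4Address(src_ip) <= rule.src_end:
        return ("drop: source outside address range", None)
    in_hours = rule.open_from <= when.time() < rule.open_until
    if when.weekday() not in rule.weekdays or not in_hours:
        return ("drop: outside schedule", None)
    return ("forward", (rule.lan_host, rule.translated_port))

# Constructed values: 9001 -> 3389 is the guide's example; everything else is assumed.
RULE = ForwardRule(
    original_port=9001, translated_port=3389,
    lan_host=IPv4Address("192.168.1.50"),
    src_start=IPv4Address("203.0.113.10"), src_end=IPv4Address("203.0.113.20"),
    open_from=time(8, 0), open_until=time(18, 0),
)

# Constructed connection attempts: (source IP, WAN port, timestamp).
ATTEMPTS = [
    ("203.0.113.15", 9001, datetime(2014, 1, 28, 10, 30)),  # allowed partner, work hours
    ("203.0.113.15", 3389, datetime(2014, 1, 28, 10, 30)),  # internal port tried directly
    ("198.51.100.7", 9001, datetime(2014, 1, 28, 10, 30)),  # source outside the range
    ("203.0.113.15", 9001, datetime(2014, 1, 28, 22, 0)),   # after hours
    ("203.0.113.15", 9001, datetime(2014, 2, 1, 10, 30)),   # Saturday
]

if __name__ == "__main__":
    for src, port, when in ATTEMPTS:
        verdict, target = evaluate(RULE, src, port, when)
        print(f"{src:>14} -> :{port} at {when:%a %H:%M}  {verdict} {target or ''}")
```

Only the first attempt is forwarded; the other four are dropped before any translation happens.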

I hope I made things easy!
