Some configuration help? I am losing my sanity.

Regarding a TZ400 with SonicOS 6.5...

I need to configure my firewall behind a Comcast "gateway".

I need to allow a port (say port 12345) coming from a specific IP address (say 123.1.1.1). When it arrives at my site it has to get forwarded to port 2345 on statically assigned 192.168.7.20.

I put the Comcast in bridge mode, configured X1 as my public IP, configured X0 as 192.168.7.1 with DHCP from 10 to 200, created my service and address objects, access rule, NAT... and nothing. No connectivity in or out.

I also tried taking the Comcast out of bridge, giving X1 an address within the Comcast range and sending the DMZ to the X1 interface and still nothing. I know there are a couple of videos showing the concepts, but I am missing something. Is there somewhere I can go to get some individual help on my specific problem without costing an arm and a leg?


Thanks!

Category: Entry Level Firewalls

Answers

  • Saravanan Moderator

    Hi @NETDEL,

    Welcome to SonicWall Community. We can help you on this concern.

    Sounds like you are trying port address translation on the SonicWall firewall to access a local resource hosted behind it and need some help.

    Could you please tell me if the ports described by you above are the actual ports that you wanna forward to your local resource? Also, do you wanna allow this port from external access or even for internal access using the firewall's public IP?

    Please let us know and we can guide you further on this.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Hi @NetDel

    Bridge mode is not available if the gateway is provisioned with any static IPs.

    1) Disable the Comcast gateway firewall or, if you want to enable the gateway firewall, enable the check box for "Allow all traffic through".

    2) If your gateway has been provisioned properly with your static IP, you should be able to configure any of your own devices with your static IP information and just plug it into the gateway's Ethernet ports.

  • TKWITS Newbie ✭

    Again, @Ajishlal knows his stuff. Comcast doesn't do full bridge mode, you have to change the modem firewall as described.

  • NetDel Newbie ✭

    Hello all, and thank you for your assistance. I guess I need to get more specific, except for the public IPs, so here goes:

    Comcast business gateway public IP is say 123.234.123.234. My network's internal subnet must be 192.168.7.x

    Comcast internal IP is set at 192.168.8.1 to avoid the subnet overlap

    Comcast DHCP set to assign only 1 address: 192.168.8.10, so X1 is 192.168.8.10

    I have set the Comcast to allow all traffic through and also pointed the Comcast DMZ port to 192.168.8.10

    LAN port address is 192.168.7.1

    I need to allow traffic from 1 specific address (say 111.222.234.235) on port 2368 to reach 192.168.7.204 on the same 2368 port

    It doesn't work.


    Previously I tried putting the Comcast in bridge and assigning the public IP to X1, but that didn't work either.

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Hi @NetDel

    First you would have to do the port forwarding in the Comcast router. For that, please follow the steps below:

    Log in to the Comcast router and navigate to Advanced.

    Select the Advanced menu in the left pane, then click Port Forwarding.

    Then "Save"

    Second, you have to create an Access Rule and a NAT policy in the firewall.

    Create WAN to LAN Access Rule;

    NAT Policy:

    Try the above steps and let us know whether it helped you or not.

  • Saravanan Moderator

    Hi @NETDEL,

    Thanks for confirming the IP subnet conflicting part.

    If you have both inbound NAT and WAN to LAN access rule in place on the SonicWall appliance, make sure you have the ports opened on the upstream ISP router or modem as well. If you still have difficulties getting this to work, please perform a packet capture on the SonicWall to pinpoint the reason it is not working.

    The packet monitor is an efficient tool and can yield better results.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services
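
The addresses a packet carries at each hop in the double-NAT layout described in this thread (Comcast gateway forwarding to X1 at 192.168.8.10, SonicWall forwarding to 192.168.7.204), as an added example that is not part of the original posts. It is a Python model with hypothetical rule structures and function names, not SonicOS or Comcast syntax, and it assumes the gateway rewrites only the destination address and leaves the source untouched.

```python
# Added example: models the two translation hops discussed in the thread.
# Rule shapes and function names are hypothetical; the order of the two
# SonicWall checks is a simplification (both must match either way).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Addresses and port as given in NetDel's second post.
PUBLIC_IP, X1_IP, SERVER_IP = "123.234.123.234", "192.168.8.10", "192.168.7.204"
ALLOWED_SRC, PORT = "111.222.234.235", 2368

def comcast_forward(pkt):
    """Upstream gateway: port forward / DMZ rewrites the destination to X1."""
    if pkt.dst == PUBLIC_IP:
        return replace(pkt, dst=X1_IP)  # source address is preserved
    return None

def sonicwall(pkt, nat_orig_dst, rule_src):
    """WAN-to-LAN access rule, then inbound NAT policy. Returns (packet, reason)."""
    if pkt.src != rule_src:
        return None, "access rule: source not allowed"
    if pkt.dport != PORT:
        return None, "access rule: service not allowed"
    if pkt.dst != nat_orig_dst:
        return None, f"NAT policy: original destination {nat_orig_dst} does not match {pkt.dst}"
    return replace(pkt, dst=SERVER_IP), "forwarded"

def trace(pkt, nat_orig_dst=X1_IP, rule_src=ALLOWED_SRC):
    """Follow one inbound packet through both devices."""
    hop1 = comcast_forward(pkt)
    if hop1 is None:
        return None, "comcast: no forward for this destination"
    return sonicwall(hop1, nat_orig_dst, rule_src)

if __name__ == "__main__":
    good = Packet(ALLOWED_SRC, PUBLIC_IP, PORT)
    print(trace(good))                          # reaches the server
    print(trace(good, nat_orig_dst=PUBLIC_IP))  # policy keyed on the public IP never matches
    print(trace(Packet("203.0.113.9", PUBLIC_IP, PORT)))  # constructed other source
```

In this model the source-restricted rule still works behind the gateway because the source is never rewritten, while a NAT policy keyed on the public IP never matches, since the packet reaches X1 already addressed to 192.168.8.10.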
