Source Port Remapping
jpcjr92
Newbie ✭
I am having an issue with an IP PBX passing the built in firewall checker. Some of the ports are stating full cone NAT isn't enabled. X1 is using the first static IP and the traffic is routed to another IP on the block. We have a block of 29 usable.
I have made an inbound NAT policy and the ports are in the service group. I have also made an outbound NAT policy for the address object to be translated to the public IP and checked disable source port remapping.
However when I run the firewall check it fails. Is there another setting I am missing?
Category: Mid Range Firewalls
0
Answers
Hi @JPCJR92,
Thank you for visiting SonicWall Community.
Could you please explain what happens exactly with Source Port Remapping disabled? Is the NAT policy not taking effect or the phones not registering? I would like like to understand the statement "when I run the firewall check it fails". I can help you better after understanding the scenario.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
It appears the policy isn't applying to all ports. The PBX shows ports 5001, 5060, 5061, 5090 pass.
The RTP ports of 9000-10999 will have most pass. There will randomly be ports that show port remapping.
Hi @JPCJR92,
Thanks for making it clear.
Please try to delete the NAT policy once and then re-add it with "Disable Source Port Remapping" checked. Please ensure to give top priority for this NAT policy by making the fields on it more specific.
Please try this and update me.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
I have deleted the NAT policy and re-created it. I am getting the same result. If I set the service to the service group I made for the inbound rule all ports fail. If I set the service to any most ports pass but have random ports show as re-mapped.
I have checked disable port remapping on the advanced tab. ESET Public if one of my 29 IPs and I use it for my ERA server so that is why it is called Eset Public.
Hi @JPCJR92,
Thanks for the info.
It looks like part of the ports are failing from Source port no remap. It would be best to work on this in real-time with packet capture on the SonicWall appliance. Please approach our support team to work on it.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services