Tech Tips: An ultimate troubleshooting guide for port forwarding

Hello Everyone,

It is impossible to live in a world where you won't need port forwarding. There will always be situations when you would need to forward some ports through the firewall to gain connectivity to your internal devices when you are not present on the network.

After my experience with troubleshooting port forwarding issues, I have written this KB that includes the most common mistakes we see and troubleshooting steps to alleviate problems in those situations. These are pretty straightforward steps but somehow we miss them. I thought it would be best to consolidate this in one place, making it easier to follow.

I hope this is helpful!

Thanks!!

Category: Entry Level Firewalls

Shipra Sahu

Technical Support Advisor, Premier Services

Comments

  • Harshi_0614 Newbie ✭
    Great work @shiprasahu93 !
  • BWC Cybersecurity Overlord ✭✭✭

    Hi @shiprasahu93

    you shouldn't have used 3389 to give the BlueKeep dilemma a boost ... hahaha just kidding.

    One thing I might add to port translation is the topic of Hairpin-NAT or Loopback-NAT, which is needed when you wanna connect from inside (LAN) to your WAN address driven services, usually done by their domain name which points to the public IP-Address.

    For that matter I'm having the NAT rule with Inbound and Outbound interface set to Any. On the other hand we need an Access Rule like you mentioned in your KB article, but not from WAN -> DMZ, instead it should be LAN -> DMZ to the X1 IP (or whatever public IP) or from ANY -> DMZ to X1 IP, then all my internal zones are covered. Depends on your scenario, LAN -> LAN should be covered with default settings.

    It's covered there in detail, but the last screenshot is wrong IMHO, it should be DMZ not WAN.

    https://www.sonicwall.com/support/knowledge-base/access-a-server-behind-the-sonicwall-from-internal-networks-using-public-ips-loopback-nat/170505780814635/


    Just my €.02

    --Michael@BWC

  • shiprasahu93 Moderator
    edited June 1

    Thanks for bringing that to my notice, Michael@BWC. I will work on correcting that screenshot.

    Believe me, most of the cases are to forward Terminal services though. 😂

    Loopback NAT is an extremely amazing topic. That is the reason I have included the series of events in the KB I have added so that it is easier to understand what zones would be required in the access rule as you pointed out.

    I can tell you have a tremendous grasp on this topic. 😁 I will work on this older KB and have that fixed.

    Thanks!!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • shiprasahu93 Moderator

    The last screenshot in KB: Access A Server Behind The SonicWall From Internal Networks Using Public IPs (Loopback NAT) is now corrected!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Poorni_5 SonicWall Employee

    @shiprasahu93 , You covered all the most possible NAT options!!

  • shiprasahu93 Moderator

    @Poorni_5 ,

    Usually with port forwarding cases, a small tweak used to solve the issue and I always wanted to put all of that together in one place. Finally created this KB that includes most of the scenarios from my experience.

    Thanks again!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Poorni_5 SonicWall Employee

    @shiprasahu93 Good that you have taken this initiative.

  • fmadia Moderator

    @shiprasahu93 I agree, this is an amazing work, well done!

  • shiprasahu93 Moderator

    Thanks again! @Poorni_5 and @fmadia 😄

    Shipra Sahu

    Technical Support Advisor, Premier Services
