Port forwarding and access control

Morning!

I have unfortunately run into an issue with a client of ours who utilizes a TZ370, here's the tale:

The customer has an application server sitting at 192.168.16.3 on his network and a static WAN IP. On this server is steel design software that he needs to be able to access from a "remote" version of the application. This is accomplished by running the application's remote server software, then ensuring requests coming in through TCP 9154 can make it through the firewall and are then forwarded to the server IP listed above. In order to facilitate this, I followed the SonicOS 7.X instructions found at https://www.sonicwall.com/support/knowledge-base/how-can-i-enable-port-forwarding-and-allow-access-to-a-server-through-the-sonicwall/170503477349850/ since I am still relatively new to working with SonicWall devices. I created the necessary address objects for the server's public and private IP addresses, the service object to specify which port and protocol, then set up NAT rules and Access rules to allow traffic in through the firewall across TCP 9154 and translate the request over to the application server. Unfortunately, this does not appear to be working after ensuring that I followed the aforementioned guide strictly.

I have included the inbound Firewall and NAT diagrams in case they may be of assistance. I can provide any further information I may have forgotten, but any advice or direction is greatly appreciated.


Category: Firewall Management and Analytics

Best Answer

Answers

  • chibbits Newbie ✭

    @TKWITS - Thank you! After changing the source port to "Any" in the Access rule, the vendor was able to successfully connect to the database. I have been fighting with this off and on for the better part of a month. You are a life, and sanity, saver :)

  • TKWITS Community Legend ✭✭✭✭✭

    Since access is for a vendor, the vendor should be able to supply you with a list of IP addresses to allow connections from. These would then be specified as the Source Address in the Access Rule. Otherwise your database is open to the world, and that's not good security.

  • chibbits Newbie ✭

    I have their list of IP addresses and will be narrowing that down - they requested for the initial test not to restrict until successful. I'm actively working on setting that up now :)
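
The two changes discussed in this thread (source port "Any", then a vendor-only source address), modeled as an added example that is not part of any post above and is not SonicWall code. The original rule is assumed to have pinned the source port to 9154, and all addresses other than the port number are constructed documentation-range placeholders.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # wildcard, standing in for "Any" in the rule editor

@dataclass
class AccessRule:
    src_nets: tuple   # allowed source networks, or ANY
    src_port: object  # required source port, or ANY
    dst_port: int     # destination (service) port

    def allows(self, src_ip, src_port, dst_port):
        if dst_port != self.dst_port:
            return False
        # A pinned source port only matches clients that happen to use it.
        if self.src_port is not ANY and src_port != self.src_port:
            return False
        if self.src_nets is ANY:
            return True
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(n) for n in self.src_nets)

# Constructed sample connections: (source IP, source port, destination port).
# A client picks an ephemeral source port; only the destination is 9154.
VENDOR = ("198.51.100.25", 51844, 9154)   # vendor workstation (placeholder)
STRANGER = ("203.0.113.77", 40112, 9154)  # unrelated Internet host

VENDOR_NETS = ("198.51.100.0/24",)  # placeholder for the vendor's supplied list

RULES = {
    "src port 9154, any source": AccessRule(ANY, 9154, 9154),
    "src port Any, any source": AccessRule(ANY, ANY, 9154),
    "src port Any, vendor only": AccessRule(VENDOR_NETS, ANY, 9154),
}

def evaluate():
    """Return {rule name: (vendor allowed, stranger allowed)}."""
    return {name: (r.allows(*VENDOR), r.allows(*STRANGER))
            for name, r in RULES.items()}

if __name__ == "__main__":
    for name, (vendor_ok, stranger_ok) in evaluate().items():
        print(f"{name:28} vendor={vendor_ok!s:5} stranger={stranger_ok}")
```

Only the third rule admits the vendor while rejecting the unrelated host, which is the end state the last two comments describe.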
