Tech Tips: An ultimate troubleshooting guide for port forwarding
Hello Everyone,
It is impossible to live in a world where you won't need port forwarding. There will always be situations when you would need to forward some ports through the firewall to gain connectivity to your internal devices when you are not present on the network.
After my experience with troubleshooting port forwarding issues, I have written this KB that includes the most common mistakes we see and troubleshooting steps to alleviate problems in those situations. These are pretty straight forward steps but somehow we miss them. I thought it would be best to consolidate this at one place, making it easier to follow.
I hope this is helpful!
Thanks!!
Shipra Sahu
Technical Support Advisor, Premier Services
Comments
Hi @shiprasahu93
you shouldn't have used 3389 to give the BlueKeep dilemma a boost ... hahaha just kidding.
One thing I might add to port translation is the topic of Hairpin-NAT or Loopback-NAT, which is needed when you wanna connect from inside (LAN) to your WAN address driven services, usually done by their domain name which points to the public IP-Address.
For that matter I'am having the NAT rule with Inbound and Outbound interface set to Any. On the other hand we need an Access Rule like you mentioned in your KB article, but not from WAN -> DMZ instead it should be LAN -> DMZ to the X1 IP (or whatever public IP) or from ANY -> DMZ to X1 IP, then all my internal zones are covered. Depends on your scenario, LAN -> LAN should be covered with default settings.
It's covered there in detail, but the last screenshot is wrong IMHO, it should DMZ not WAN.
https://www.sonicwall.com/support/knowledge-base/access-a-server-behind-the-sonicwall-from-internal-networks-using-public-ips-loopback-nat/170505780814635/
Just my €.02
s--Michael@BWC
Thanks for bringing that to my notice Michael@BWC . I will work on correcting that screenshot.
Believe me most of cases are to forward Terminal services though. 😂
Loopback NATs is an extremely amazing topic. That is the reason I have included the series of events in the KB I have added so that it is easier to understand what zones would be required in the access rule as you pointed out.
I can tell you have a tremendous grasp on this topic. 😁 I will work on this older KB and have that fixed.
Thanks!!
Shipra Sahu
Technical Support Advisor, Premier Services
The last screenshot in KB: Access A Server Behind The SonicWall From Internal Networks Using Public IPs (Loopback NAT) is now corrected!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93 , You covered all the most possible NAT options!!
@Poorni_5 ,
Usually with port forwarding cases, a small tweak used to solve the issue and I always wanted to put all of that together at one place. Finally created this KB that includes most of the scenarios from my experience.
Thanks again!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93 Good that you have taken this initiative.
@shiprasahu93 I agree, this is an amazing work, well done!
Thanks again! @Poorni_5 and @fmadia 😄
Shipra Sahu
Technical Support Advisor, Premier Services