Access rules not working
Hi All,
I am facing issues with my new access rules. I have created a new access rule to allow the TCP traffic on the 4445 port for my default public IP but it's not working. I have the same rule with the same server for port 4444 and that rule is working completely fine.
Both the rules are exactly the same, the only difference being the service port. I have checked this almost 20 times and still the old rule is working, not the new one.
Also, we have purchased 2 new firewalls for a new network setup, and both the firewalls are also behaving in this manner: even when the access rule and NAT rule are correct, the port is still closed and I am not even able to connect through telnet.
Please suggest.
Best Answers
-
Saravanan Moderator
Hi @SMILEPOINT_GROUP,
Thank you for visiting SonicWall Community.
Here are some of the key points to be noted. Please provide answers to my questions as well.
- Are you trying to allow the TCP 4445 on the SonicWall from WAN (external network) to LAN or DMZ (behind firewall)? If so, please ensure the inbound NAT policy is also in place. You can refer to the NAT policy meant for TCP 4444.
- Have you verified the TCP 4445 accessibility locally (using the resource's private IP address) on the same network where you have the resource that listens on TCP 4445 located?
I'll wait for your response.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
0 -
Ajishlal Community Legend ✭✭✭✭✭
Hi @SMILEPOINT_GROUP,
Please make sure the TCP 4445 port is opened on your server.
For example, open CMD --> netstat -an
0 -
Ajishlal Community Legend ✭✭✭✭✭
Try to enable the required TCP port through PowerShell, using the below command to do that.
netsh advfirewall firewall add rule name="Open Port 4444" dir=in action=allow protocol=TCP localport=4444
Once you apply the above command, check whether it's open or not.
Test-NetConnection -Port 4444 -ComputerName localhost
If it's still closed, try the below command in PowerShell.
New-NetFirewallRule -DisplayName "Allow inbound TCP port 4444" -Direction inbound -LocalPort 4444 -Protocol TCP -Action Allow
0
Answers
Hi Saravanan,
Answer:- I am trying to allow TCP 4444 on SonicWall from WAN to LAN. The NAT policy for the same is also in place.
You can refer to the NAT policy meant for TCP 4444.
Answer:- I tried, the rule is exactly the same with a change of destination service (which is port 4445 instead of 4444). But still no luck. Neither is the traffic flowing through nor is the telnet connecting.
Answer:- The resources are able to communicate locally but when I try to connect telnet to port 4445, it is not connecting. The Windows Firewall is already disabled and no antivirus is installed yet, so there is nothing that can prevent the communication.
Please suggest
Hi AJISHLAL JI,
I tried the netstat command and got the below result. A lot of ports are there but not 4444. I have already created a rule in Windows Firewall as well to open the 4444 and 4445 ports for both incoming and outgoing connections, still not there. I also tried after disabling the Windows Firewall itself; still, the ports in the count of 5 are listening but not the ports I want, i.e. 4444 & 4445.
Please suggest if anything else can be tried?
Hi @SMILEPOINT_GROUP,
Thanks for your answers.
The resource is not accessible locally on TCP ports 4444 and 4445 and this has to be fixed on the local resource since netstat result doesn't show that the local resource is not listening on these ports. Possibly, check for Event Viewer logs on the local resource. If you can get this working locally, then passing via the SonicWall would definitely work.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
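The local check this thread converges on, as an added example that is not part of the original posts: it separates "nothing is listening on the port" from "a listener exists but Windows Firewall has no matching rule", which an allow rule alone cannot tell you. The function name Get-PortDiagnosis and the verdict strings are made up for illustration; the cmdlets are the standard NetTCPIP and NetSecurity ones.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the Windows server that the firewall's NAT policy points to.
function Get-PortDiagnosis {
    param([Parameter(Mandatory)][int]$Port)

    # Sockets in LISTEN state on this port (the LISTENING rows of netstat -an).
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules whose TCP port filter names this port exactly.
    # Port ranges such as "4440-4450" and "Any" are not expanded here.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' })

    # Listeners bound only to loopback pass local tests but never see remote clients.
    $remote = @($listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })

    $verdict = if ($listeners.Count -eq 0) {
        'No process is listening: fix the service first, firewall and NAT rules cannot open this port'
    } elseif ($remote.Count -eq 0) {
        'Listening on loopback only: rebind the service to the LAN address'
    } elseif ($rules.Count -eq 0) {
        'Listening, but no exact-match inbound allow rule: check Windows Firewall if it is enabled'
    } else {
        'Local side looks fine: check the upstream access rule and NAT policy'
    }

    [pscustomobject]@{
        Port       = $Port
        ListenOn   = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
        Process    = ($listeners | ForEach-Object {
                         (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
                     } | Sort-Object -Unique) -join ', '
        AllowRules = $rules.DisplayName -join ', '
        Verdict    = $verdict
    }
}

# The two ports discussed in this thread.
4444, 4445 | ForEach-Object { Get-PortDiagnosis -Port $_ } | Format-List
```

An empty ListenOn field means the application that should own the port is not running or is configured for a different port, which is the condition to fix before retesting from the WAN side.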
Hi AJISHLAL Ji,
Thanks for the suggestions. It worked in one of the two but on the second server, the command didn't work. Yes, it added a new rule to the Windows Server firewall to open port 4444 (which was already there) but still the port is not listening on netstat -an and the result of the command "Test-NetConnection -Port 4444 -ComputerName localhost" but same there as well.