How to configure SonicWall inbound NAT

  • Published on 22 Aug 2024
  • In this video we will set inbound NAT, change the port in the NAT, and touch on a couple of security tips.
    BEST is to always use a VPN to access resources from the outside.
    SSL-VPN on the firewall: • How to configure Sonic...
    Dedicated client VPN appliance from SonicWall: • SonicWall SMA
    NAT loopback (if you prefer to not fix DNS issue)
    www.sonicwall....

Comments • 52

  • @66Blackula66 2 years ago +4

    May be interesting for some people: Instead of setting up the hardened rule to allow access from a fixed WAN IP/source only, you could also use an FQDN for the source in combination with e.g. dyndns or any other dynip DNS service. Works like a charm...

    • @JeanPierTalbot 2 years ago +3

      Smart!
      I like it. Just be careful as some carriers (especially cell phone carriers) will share an IP with many many many other customers. But still 1000x better than opening it to « any »!
      Thanks. Haven’t thought about it.

  • @udirt 5 months ago

    Hey Jean-Pier - ty, your video has helped me twice already. The thing with the WAN IP in the rule destination - honestly I like the logic behind it, but it's just the opposite of what you have in other firewalls, and I almost never work on SonicWalls, but when I do they're someone else's and full of unnamed rules. It's tedious to find the issue but - thank you - I finally got my VPN connect going. (NATting to 'my' network zone's firewall)

  • @LuizHicke 2 years ago +1

    Pretty cool tips to make NAT secure. Thanks for sharing and helping us, J-P.

  • @PersianSoheil 6 months ago

    Thanks for the video. I was pulling my hair out of my skull to figure this out on my own.

  • @user-wr2lm8qh2t 2 years ago +1

    Thanks, waiting for the hardened configuration video.

  • @gabrielti9570 2 years ago +1

    Hi Jean, great videos! I am from Brazil, and your videos help me a lot. Please consider making a video on how to make and configure a DMZ. Thanks!!!

    • @JeanPierTalbot 2 years ago

      Hi Gabriel!
      Thanks for the feedback. I can surely make a video on DMZ. I already have a few videos lined up. I’ll add it to the list!
      Thanks

    • @JeanPierTalbot 2 years ago

      Actually I believe I have done it. Look at my « network segregation » video. Pretty sure I show how to create a DMZ. Have a look and let me know :-)

  • @eduardoorta6745 2 years ago +1

    Thank you very much, Jean!!!

  • @verticostate 7 months ago

    Hi Jean-Pier. I heard you mention that your PlayStation is in your IOT-Zone. Did you manage to get it to NAT Type 2 using your SonicWall for online play? Mine is Strict (NAT Type 3) and I'm struggling with the NAT policies.

    • @JeanPierTalbot 7 months ago +1

      I don’t play with it. Kid and GF do. They don’t complain :-)
      PS4 is accessing the internet just like any other device through default NAT policies.

  • @moviesworld5810 1 year ago

    Thank you so much bro. 👍

  • @preciousclips3006 6 months ago

    Hello, in the video you say to fix DNS rather than use a band-aid like a NAT policy. However, is there a way to set a loopback policy only through the DNS server? No matter how hard I search for it, I can only find that port forwarding can be done only by the router, not by the DNS server. If there is a way to do that, please walk through it.

  • @techtalksothers 1 year ago

    Awesome!

  • @tweedy151 4 months ago

    It always confuses me on SonicWalls: why do NAT rules also require firewall rules and vice versa? Can you gain access from external with just a NAT rule? Or what would happen if you created just a firewall rule right through to the destination, would that work? Why are firewall rules not just NAT enabled? They used to be on old SonicWalls years ago like the SOHO etc.

    • @JeanPierTalbot 3 months ago

      Agreed, it’s odd to do 2 policies for one thing.
      Doug Demuro would call that « quirks and features » :-)

  • @syedashraf7209 1 year ago

    Hi sir,
    I have a firewall with router based. There is a PC with port forwarding. If I connect the PC to the router, the port forwarding works; whenever I connect the PC through the firewall, the port forwarding does not work. I have allowed all the traffic and also specified free-flow rules between the router and the firewall. May I know what the issue might be and what solutions are needed?

    • @JeanPierTalbot 1 year ago

      Hi Syed,
      Unfortunately I don’t know what it can be. It can be several things.
      Best would be to contact SonicWall tech support and provide them a diagram of what you are trying to achieve. They should be able to help.

  • @thomasg.8198 10 months ago

    How to put only one host in a DNS zone, while the other hosts of the DNS zone are managed outside the LAN?

    • @JeanPierTalbot 10 months ago

      You will need an access rule that allows DNS from the LAN to the DNS zone.

  • @ManishKumar-vk5fl 1 year ago

    Hi Jean,
    Thanks for such informative videos. Can you please guide me on how I can allow port forwarding if my firewall is installed behind the Cisco router? I have a scenario like >>ISP>>>Cisco router>>>TZ370>>>LAN

  • @waynedubose8509 11 months ago

    @JeanPierTalbot Is there any way for the user authentication method to work if I use an IP address from a block of public addresses we have instead of the actual WAN interface IP address?

    • @JeanPierTalbot 11 months ago

      Yes, you can use other WAN IPs you have too.

    • @waynedubose8509 11 months ago

      @JeanPierTalbot What I am trying to do is allow a remote non-SSLVPN user to access resources across our site-to-site VPN. I am allowing this now, but the users are SSLVPN users that get assigned an inside address. Using the method discussed here, is that possible?

  • @ppoo92 9 months ago

    Hello, I just stumbled across your video. I was wondering if you could provide some insights on port forwarding on a SonicWall. I am trying to pass a live stream from my phone to my home PC that is running OBS, then send that out to an internet streaming service such as YouTube or Twitch.

    • @JeanPierTalbot 8 months ago

      Good one. I don’t know the requirements for what you are trying to achieve or even if it’s possible.
      I won’t be able to help on this one.

  • @lossco 6 months ago

    Your videos are amazing and I think I watched all multiple times. Anyway, now I have a problem with an NSa2700. I cannot connect from outside to a webserver on port 80. Something is blocking 80 and 443. Need help pls

    • @JeanPierTalbot 6 months ago +1

      Thanks!
      Some ISPs are blocking those ports as they don’t want you to host anything. They want you to pay for their hosting services.
      Have a look at my NAT video. Try taking a weird port (like 555) and change the port in the NAT for 80.
      Original destination port: 555
      Translated destination port: 80

    • @lossco 5 months ago

      Thank you for the tips. At the end of the day it was the gateway security and the packet inspector that blocked the inbound traffic on those ports. Put the workstation in an exclusion group and everything works now @JeanPierTalbot

  • @nicolasevrard6374 1 year ago

    Hello, I configured NAT on the SonicWall and the connection works from a remote network connected by VPN. However, I cannot connect to the SonicWall interface from this remote network. Is access to the SonicWall interface impossible through NAT?

    • @JeanPierTalbot 1 year ago

      I’m not sure I’m following you. You are outside and want to NAT yourself in to manage the firewall?
      I would advise managing it from its WAN or interface instead.
      Let me know if I’m off track :-)

    • @nicolasevrard6374 1 year ago

      @JeanPierTalbot Thank you for the feedback.
      I want to connect to the firewall from my remote network connected in VPN.
      From a remote network connected in VPN without NAT it works, but from a remote network connected with NAT it does not work.
      To access a local server from my remote network it works through NAT, but not firewall access.
      NAT is configured on the local firewall, not on the remote firewall.
      Sorry, I'm French, my English is not perfect

  • @ahirnimesh09 2 years ago +1

    Please make a video on application policies in SonicWall.

  • @rudranarayanbiswal9853 1 year ago

    Dear.... can you please provide the video for site-to-site VPN, where one site will have a public IP? Please explain step by step.... do not skip any step please

    • @JeanPierTalbot 1 year ago

      Sure! Sounds like an easy one. But I have a few lined up already.

  • @averageChoom 2 years ago

    What can I get from a SonicWall TZ270 with just the hardware with no licenses?

    • @JeanPierTalbot 2 years ago

      You won’t get any of the security features (IPS, antivirus, URL filtering…) and no support, no warranty, no OS upgrades.
      You won’t get any of the stuff mentioned here:
      www.sonicwall.com/products/firewalls/security-services/security-bundles/
      I think over 90% of sales are with the security features. Highly recommended for security.

    • @averageChoom 2 years ago

      @JeanPierTalbot thank you, your videos are a huge help

  • @nampv 1 year ago

    NAT. How can the client's WAN IP be logged in the app's log instead of the SonicWall's WAN IP?

    • @JeanPierTalbot 1 year ago

      Hi, sorry I’ll need more details. I don’t understand your question. Maybe it’s because it’s Friday and it has been a long week :-)

    • @nampv 1 year ago

      I want to record the user's IP address when they access, rather than the SonicWall's WAN IP, after I've NATed the port. Sorry, my English is so bad.

  • @pipi_delina 1 year ago

    How can I make a NAT pool for outbound NAT... on SonicWall....

    • @JeanPierTalbot 1 year ago

      I never tried it, but I believe you simply use an address group that contains all the IPs you want in the pool.
      Again, I haven’t tried it :-)

    • @pipi_delina 1 year ago

      @JeanPierTalbot I have a couple of IPs that maybe if someone wants to browse they can use. That's the use case I want to implement.

    • @JeanPierTalbot 1 year ago

      @pipi_delina And you want the user to be able to decide which WAN IP he wants to use?
      If so, you would need to create users, like user "WAN-IP-1", and create NAT policies to NAT "WAN-IP-1" using your 1st WAN IP. Then a NAT policy for user "WAN-IP-2" using your 2nd WAN IP.
      Then you tell the user to authenticate to the firewall as user "WAN-IP-1".

    • @pipi_delina 1 year ago

      @JeanPierTalbot It was a use case I wanted.. I achieved that by making group objects and used the group for the NAT.

  • @jerryjones1767 8 months ago

    Hi, can you make a video on how to configure SonicWall for VoIP FreePBX rules WAN-LAN?

    • @JeanPierTalbot 8 months ago

      I run trixbox for my SonicWall phone numbers. I use the IAX2 protocol with my cloud VoIP provider, which is NAT friendly.
      I don’t know how to securely handle VoIP phones outside and open ports from the outside so they can reach the PBX inside. Especially if you are using SIP as it uses 20 000+ ports and does not like NAT.
      You can reach out to your local SonicWall team; they can put you in touch with a local SonicWall partner that does professional services ($)