Allowing a Service through Sonicwall

by | Mar 13, 2019 | Firewall | 0 comments

In this example, we want to allow port 37777 through a SonicWall firewall to an internal ADT Security System. This port allows remote monitoring from the ADT app.

1. The first step is to create an Address Object in the Sonicwall. The ADT System is located at 10.1.100.200.

Classic Mode: Network > Address Objects
Contemporary Mode: Manage Tab (across the top) > Objects > Address Objects

2. Then we want to create the Service:

Classic Mode: Network > Services
Contemporary Mode: Manage Tab (across the top) > Objects > Service Objects

In this case, we need to create two Service Objects, one for the TCP protocol and the other for the UDP Protocol.

Once those are done, we will create a Service Group for these Service Objects.

3. Now that we have the Object and Service created, we are ready to construct the NAT Policy.

Classic Mode: Network > NAT Policies
Contemporary Mode: Manage Tab (across the top) > Rules > NAT Policies

For our system, we want to catch the request when it hits the WAN (X1) Port, specifically the WAN IP. So we’ll add that to the Original Destination. We don’t care where it came from for this example. If you wanted to lock down the Source, you could create an Address Object for the Remote IP and add it here.

Next we’ll place our Address Object in the Translated Destination. This is the core of the NAT Policy. It is taking the request from outside our network and redirecting it to a specific server internally. Then we’ll add our Service in the Original Service and leave Translated Service set to Original (same). Translated Service means if you want to receive it on one port and then change it to a different port internally. In this example we don’t want the port to change as it moves through the network. Change the Inbound Interface to the WAN Port (X1), we’ll use IPv4 only and make sure the Policy is enabled. Click OK when finished.

4. The fourth and final step is to make sure our Service Port is allowed through the Firewall.

Classic Mode: Firewall > Access Rules
Contemporary Mode: Manage Tab (across the top) > Rules > Access Rules

Make sure the Action is set to Allow and that the Rule is from WANT to LAN. Set the ADT Group under Service and the WAN Interface IP for the Destination. We set it to always on.

Once these settings are configured, you can use an online Open Port tool to check if the port is open.