2009-07-12

Forward a different port to an internal service on a SonicWall firewall

Scenario:
You want to use ports other than 3389 for remote desktop.
The plan is to use WAN IP xx.xx.xxx.xxx:4000-xxxx for the other remote desktop users.

Solution one:
You could just forward 4000-xxxx to the Windows servers and change the listening port for RDP: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Edit PortNumber, switch the base to Decimal and specify the new port number.
Reboot the server.

Solution two:
1. Create an Address Object allowing a WAN IP to access the Firewall.
a. Network > Address Object > Click Add button.
b. Name: WAN IP Access
c. Zone Assignment: Host
d. Type: WAN
e. IP Address: Whatever your External IP Address is.
f. Click OK
What you’ve done here is create a way for you to access this firewall from outside the network.

2. Next, create your custom port.
a. Go to Firewall > Services and put a bullet in Custom Services; this makes the list easier to read.
b. Scroll down to the Services area and click on the Add button.
c. In this dialog:
i. Name the port that you are opening and assign the port to be opened.
ii. Protocol: for Remote Desktop it is TCP (6).
iii. Port Range: I wanted my Remote Desktop users to start using 9000, so the port range is 9000-9000.
iv. I left Sub Type alone. Then click OK.

3. To keep things organized we added Services to a Services Group.
a. Click Add Group and name it, e.g. Remote Desktop; since we had more than Remote Desktop users, we called it External Ports.
b. Then select your newly created Service from the left column and move it to the right by highlighting it and using the arrow button.
c. Then click OK.

4. Next we went to Network > Address Object; place a bullet in Custom Address Objects.
a. Click the Add button.
b. Name: Username PC
c. Zone Assignment: LAN
d. Type: Host
e. IP Address: Enter the local IP address of the computer or machine, e.g. 192.168.1.100
f. Click OK

5. Now, below Address Objects, select NAT Policies; place a bullet in Custom Policies.
This is what binds the outside IP address to the local IP address using your custom port.
a. Original Source: Any (any request from the outside coming to the firewall)
b. Translated Source: Original (keep the request the same, say if you want to enter through port 3389)
c. Original Destination: Public IP Address (WAN IP / External IP)
d. Translated Destination: Username PC (Custom Address Object)
e. Original Service: the custom service created for port 9000
f. Translated Service: Remote Desktop
g. Interface Inbound: Any
h. Interface Outbound: Any
i. Click OK.
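
The lookup that the step 5 policy performs, as an added example that is not part of the original post or SonicWall's own code: a small Python model that matches on Original Destination and Original Service and rewrites to the Translated Destination and Service. The WAN IP 203.0.113.10, port 9001 and host 192.168.1.101 are constructed sample values, and the audit helper is hypothetical.

```python
# Added illustration: a minimal model of the step 5 NAT policy lookup.
# All names, addresses and ports below are constructed sample values.
from dataclasses import dataclass
from typing import Optional, Tuple

WAN_IP = "203.0.113.10"  # constructed placeholder for the firewall's public IP

@dataclass(frozen=True)
class NatPolicy:
    name: str
    original_destination: str    # public (WAN) IP the client connects to
    original_service: int        # custom TCP port from step 2, e.g. 9000
    translated_destination: str  # LAN host object from step 4
    translated_service: int      # port the host listens on (3389 for RDP)
    original_source: str = "Any"

POLICIES = [
    NatPolicy("User A PC", WAN_IP, 9000, "192.168.1.100", 3389),
    NatPolicy("User B PC", WAN_IP, 9001, "192.168.1.101", 3389),
]

def translate(policies, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
    """Return the (LAN IP, port) an inbound TCP connection is rewritten to,
    or None when no policy matches and the connection is not forwarded."""
    for p in policies:
        if p.original_destination == dst_ip and p.original_service == dst_port:
            return (p.translated_destination, p.translated_service)
    return None

def audit(policies):
    """Report overlapping mappings and list what each policy exposes."""
    seen, findings = {}, []
    for p in policies:
        key = (p.original_destination, p.original_service)
        if key in seen:  # same WAN IP and port claimed twice: only the first wins
            findings.append(f"conflict: {p.name} and {seen[key]} both use {key[0]}:{key[1]}")
        seen.setdefault(key, p.name)
        if p.original_source == "Any":
            findings.append(f"exposed to any source: {key[0]}:{key[1]} -> "
                            f"{p.translated_destination}:{p.translated_service}")
    return findings

if __name__ == "__main__":
    print(translate(POLICIES, WAN_IP, 9000))
    print("\n".join(audit(POLICIES)))
```
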

Reference reading:
http://www.sonicwall.com/downloads/C...Forwarding.pdf , the standard procedure is on page 2 to the top of page 3.
The steps above are an enhanced version of the procedure on pages 3-7.
