SonicWALL Enhanced OS

Holy Moly!  I went to configure a simple port-forwarding rule on a customer’s SonicWALL TZ200 today and entered into a whole world of hurt!

All I wanted to do was allow HTTP traffic into an internal web server – exceedingly straightforward on any device I’ve ever worked on before… not so under SonicOS Enhanced!

After about an hour of bizarrely confusing options I realised that one needs to create an address object for the internal server, create a NAT policy to allow access, and then create a firewall access rule. This doesn’t sound too bad, except that in fact it wasn’t that simple. To add to the confusion, I managed to create a NAT loop which killed the network! That was purely down to my own stupidity though!

So how did I get it to work?  I gave in and used one of the wizards after looking at the following excellent post online: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

Turns out the device needs THREE NAT policies (inbound, outbound, and loopback), plus an address object, plus a firewall access rule! What?!!

My advice: take your time with this OS and use the wizards unless you’ve got loads of experience with these devices.
