Holy Moly! I went to configure a simple port-forwarding rule on a customer’s SonicWALL TZ200 today and entered into a whole world of hurt!
All I wanted to do was allow HTTP traffic into an internal web server – exceedingly straightforward on any device I’ve ever worked on before… not so under SonicOS Enhanced!
After about an hour of bizarrely confusing options I realised that one needs to create an address object for the internal server, create a NAT policy to allow access, and then create a firewall access rule. This doesn’t sound too bad, except that in fact it wasn’t that simple. To add to the confusion, I managed to create a NAT loop which killed the network! That was purely down to my own stupidity though!
So how did I get it to work? I gave in and used one of the wizards after looking at the following excellent post online: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027
Turns out the device needs THREE NAT policies (inbound, outbound, and loopback), plus an address object, plus a firewall access rule! What?!!
My advice: take your time with this OS and use the wizards unless you’ve got loads of experience with these devices.