Configuring a SonicWALL Firewall

Introduction

This document describes the configuration of Dell SonicWall devices based on the TZ100, TZ100W, TZ105, TZ105W, TZ200, TZ200W, TZ205, TZ205W, TZ210, TZ 210W, TZ215, TZ 215W, NSA 220, NSA 220W, NSA 240, NSA 2400, NSA 3500, NSA 4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500 and NSA E8510 for use with ECLOUD Phone System. This guide is written for SonicWall devices that are configured as Many-to-One NAT. Please note that we cannot assist you in the configuration of your firewall.

Requirements

Dell SonicWall firewalls require HotFix firmware SonicOS 5.8.1.15o HotFix 152075 or later.

Sonicwall NSA-Stack

Step 1: Create Service Objects

To configure the SonicWall, first create a service object for each port or port range that needs to be forwarded. Then place these service objects in a service group, and finally apply the policies that reference that group.

  1. Open the Web Management Console of the DELL SonicWall Firewall Gateway and go to Network → Services.
  2. In section “Services” add one service object for each port that ECLOUD requires forwarding for. The full list of default ports required can be found here.
  3. In section “Service Groups” add a new service group named “ECLOUD Services” and add all of the above Service Objects as members.
  4. Now go to Network → Address Object and locate section “Address Objects”.
  5. Here add a new Address Object and set:
  • Name: ECLOUD PBX
  • Zone Assignment: LAN
  • Type: Host
  • IP Address: The LAN IP address of your ECLOUD Server

Step 2: Create NAT Policy

  1. Go to “Network → NAT Policies” and press “Add”.
  2. Create your Inbound NAT policy by filling in the following fields:
  • “General” tab
  • Original Source: Any
  • Translated Source: Original
  • Original Destination: WAN Interface IP
  • Translated Destination: ECLOUD PBX (this is the Address Object created in Step 1)
  • Original Service: ECLOUD Services (this is the Service Group created in Step 1)
  • Translated Service: Original
  • Inbound Interface: Select the WAN interface your ECLOUD will be using
  • Outbound Interface: Any
  • Comment: ECLOUD Inbound Connections
  • Enable NAT Policy: Checked/Enabled
  3. Press “Add” again to create your Outbound NAT policy by filling in the following fields:
  • “General” tab:
  • Original Source: ECLOUD PBX (this is the Address Object created in Step 1)
  • Translated Source: WAN Interface IP
  • Original Destination: Any
  • Translated Destination: Original
  • Original Service: Any
  • Translated Service: Original
  • Inbound Interface: Any
  • Outbound Interface: Select the WAN interface your ECLOUD will be using
  • Comment: ECLOUD Outbound Connections
  • Enable NAT Policy: Checked/Enabled
  • “Advanced” tab:
  • Disable Source Port Remap: Checked/Enabled

Step 3: Creating Firewall Access Rules

  1. Go to “Firewall → Access Rules”, select the “WAN to LAN” option and press “Add”.
  2. Create a new Access Rule with the following fields:
  • “General” tab:
  • Action: Allow
  • From Zone: WAN
  • To Zone: LAN
  • Service: ECLOUD Services (this is the Service Group created in Step 1)
  • Source: Any
  • Destination: Select the Address Object of the “WAN/Public IP” you have configured ECLOUD to use
  • Users Allowed: All
  • Schedule: Always on
  • Comment: ECLOUD Inbound Access
  • Allow Fragmented Packets: Checked/Enabled

Step 4: Disable SIP Transformations

  1. Go to “VoIP → Settings”.
  2. In the “SIP Settings” section disable option: Enable SIP Transformations
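
One way to confirm Step 4 from packet captures, as an added example that is not part of the original guide or of any ECLOUD or SonicWall tooling: NAT alone changes only the IP/UDP headers, while a SIP ALG such as SIP Transformations also rewrites addresses inside the SIP payload (Via, Contact, SDP). The sketch compares the same SIP message captured on the LAN side and on the WAN side; the function names, addresses and messages are constructed for illustration, and folded header lines are not handled.

```python
# Added example: all addresses and SIP messages below are constructed samples.
WATCHED_HEADERS = {"via": "via", "v": "via", "contact": "contact", "m": "contact"}
WATCHED_SDP = ("o=", "c=", "m=")   # SDP lines that carry addresses or media ports

def watched_fields(raw):
    """Return the (label, value) pairs a SIP ALG typically rewrites, in order."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    fields = []
    for line in head.split("\n")[1:]:          # skip the request/status line
        name, sep, value = line.partition(":")
        label = WATCHED_HEADERS.get(name.strip().lower())
        if sep and label:
            fields.append((label, value.strip()))
    for line in body.split("\n"):
        if line.startswith(WATCHED_SDP):
            fields.append(("sdp " + line[:2], line.strip()))
    return fields

def alg_rewrites(sent, received):
    """List (label, sent_value, received_value) for every watched field that changed."""
    a, b = watched_fields(sent), watched_fields(received)
    diffs = [(la, va, vb) for (la, va), (lb, vb) in zip(a, b) if la != lb or va != vb]
    if len(a) != len(b):                       # a header or SDP line was added/removed
        diffs.append(("field count", str(len(a)), str(len(b))))
    return diffs

# Constructed, trimmed INVITE as it leaves the PBX on the LAN side.
SENT = "\r\n".join([
    "INVITE sip:100@example.invalid SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds",
    "Contact: <sip:200@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.50",
    "s=-",
    "c=IN IP4 192.168.1.50",
    "m=audio 9000 RTP/AVP 0",
])
# Constructed WAN-side copy showing the kind of payload rewrite an ALG performs.
REWRITTEN = SENT.replace("192.168.1.50:5060", "203.0.113.10:1024").replace(
    "c=IN IP4 192.168.1.50", "c=IN IP4 203.0.113.10")

if __name__ == "__main__":
    for label, before, after in alg_rewrites(SENT, REWRITTEN):
        print(f"{label}: {before!r} -> {after!r}")
```

An empty result for a real LAN/WAN capture pair means the payload passed through untouched, which is the expected state once SIP Transformations is disabled.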

Step 5: Validating Your Setup

Log into your ECLOUD Management Console → Dashboard → Firewall and run the ECLOUD Firewall Checker. This will validate whether your firewall is correctly configured for use with ECLOUD.