![Generate Generate](/uploads/1/2/5/6/125635931/244208741.png)
Hi EE,I want to ping an internal host from the internet. I can ping the external interface of the Sonic firewall (FW) but I want to make sure that the ping is nated across to win7 host machine on the internal network on ip adddress 192.168.1.4Say the external interface on the FW is 199.5.43.3 as an example. (which I can ping)The host machine (192.168.1.4) is on the internal network 192.168.1.0/24How shall I configure the FW so that I can achieve:1. Ping from external source to reach 192.168.1.42. How do I know that it 192.168.1.4 is responding with an echo reply.Thanks EE.
Hi Daera,You have to create a WAN LAN firewall rule, service would be ping. Create an Address Object for the device you want to ping. I'd also create a static DHCP address for this internal device as well so it's always available. Then create a NAT policy any original source to the Adress Object using ping as the service. That's it!Let me know how it goes out if you need more help in setting this up. I'm in my mobile now but I can give you step-by-step instructions tomorrow when I'm in front of a computer.P.S. Make sure the Windows 7 host can accept ping.
Control Panel firewall advanced incoming rules.make sure ping is allowed or disable win 7 firewall for testing. I can ping the host from the FW so I guess, ping is allowed to go to the host and back.This is what I'd expect. You can Ping your host from the FW by default but this doesn't mean data flow is symmetrical, in other words this doesn't mean Ping is bidirectional since outbound traffic is not filtered by default. Ping the host to FW should fail without configuration.In order to make this work you will need SonicOS Enhanced. What version is your SOnicOS?
(you can find this by logging into the FW and go to System Status next to Firmware Version:) e.g. SonicOS Enhanced 5.8.1.13-1oIn case you have an enhanced version here are the step-by-steps:1.
Create an Inbound Firewall Rule for Ping. Thanks,I tried below but got an error as.4 is already in the DHCP range that the FW is dishing out.
Is it good then to re-scope the dhcp range so that.4 is not in that range and then recreate the static entry.The other confusing thing is that there is a box to tick which says 'Enable this DHCP Scope'. I didnt tick it as it is a static entry.2. Create the Static Address for Win7 Host (192.168.1.4)Go to Network DHCP Server.Under DHCP Server Lease Scopes, click Add Static button.Type in the Entry Name: (what ever you want to identify the static address), Static IP Address: (192.168.1.4), Ethernet Address: (type MAC address), Interface Pre-Populate: (check & select X0 or LAN).Click OK. Precisely, SonicWALL does not handle reservations how other providers might. The DHCP is the pool for non-static IPs. Statics should always be outside that, so you should either re-scope the DHCP or change the static IP so its outside of the DHCP scope.What is acting as the DHCP server currently?You should have a check next to Enable DHCP Server and a check next to Enable Conflict Detection. If no server has this role you will want to enable the DCHP Dynamic Range you have created.
Once you create a DHCP Range (scope), regardless of if its enabled or not, the firewall will see it and will cause this error message again if you overlap the IP addresses.
If we create the rule and try connecting to RDP, we're going to run into a problem since the traffic will go through the Firewall but won't know where to go from there. As far as the traffic is concerned, it reached it's destination (50.50.50.12)! The SonicWALL has to. 8 SonicOS Enhanced Packet Capture. The status field shows the state of the packet with respect to the firewall. A packet can be dropped, generated, consumed or forwarded by the SonicWALL appliance. You can position the mouse pointer over dropped or consumed packets to.
That answer is a little confusing, you said to go to firewall rules WAN-LAN, but then add a rule LAN-WAN.If you are unfamiliar with setting the firewall rules, the easiest method is to just use the public server wizard. The server type will be set to other, then choose the custom service for your RDP port. Server IP will be set to private IP address of RDP computer.
![Sonicwall Sonicwall](http://help.sonicwall.com/help/sw/eng/9600/26/2/3/content/images/monitor_filter.png)
Public IP is your public IP.and voila it makes all the rules for you.I'm pretty sure it defaults the rules to allowing anyone to access that non-standard RDP port, so you change the firewall rule to only allow admins or whatever.