Netgate Discussion Forum

    Replicating a Sonicwall NAT rule on PFSense

    kranitz

      Hi all,

      I'm relatively new to PFSense, but have somehow successfully managed to deploy about twelve of them over the past couple of months without getting myself into trouble… Until now!

      I just replaced a client's SonicWALL with PFSense, and all is working well except one item: their Shoretel phone app on the LAN side won't communicate with the Shoretel server, which is on OPT1.

      I've spent a few hours trying to decipher this without success, so I'm reaching out to the pros!

      Here is the lay of the land:
      LAN: 172.17.10.0/24
      OPT1: 192.168.10.0/24

      OPT1 is connected to a switch that is part of its own environment managed by the phone vendor - I have no access rights to the router or switch. For clarification, the Shoretel server is configured as 192.168.10.10/24, GW: 192.168.10.1

      I have tried creating rules that allow all traffic to pass between interfaces to no avail.

      When I put the PFSense in, the Shoretel client software on the LAN side yields a message "cannot communicate with Shoretel server". If I swap the Sonicwall back in, the client resumes connectivity.

      FYI, I have wiped/reinstalled PFSense on the device. WAN connectivity is great. Everything else seems to be working great.

      I think I have the key, however - I just don't know how to translate it. I found a NAT rule on the Sonicwall called "Magic Nat!". I captured the screenshot and have shared it as Magic NAT.JPG

      In the Sonicwall NAT rule image, X2 Subnet/IP refers to the Shoretel subnet/IP.

      Please help! :)

      Thanks a million in advance

      ![Shoretel Config.jpg](/public/imported_attachments/1/Shoretel Config.jpg)
      ![Magic NAT.JPG](/public/imported_attachments/1/Magic NAT.JPG)

      Derelict (Netgate)

        That looks like it is probably an outbound NAT rule on the Shoretel (X2) interface:

        Firewall > NAT > Outbound

        If Automatic, enable Hybrid mode and save.

        Interface: Shoretel/X2/Whatever
        Protocol: any
        Source: Network, LAN network subnet/mask
        Destination:  Network, Shoretel/X2/Whatever network subnet/mask
        Translation Address: Interface address

        That essentially means the Shoretel network has no connectivity outside its local subnet, so you want all connections to that network to appear to come from something on that subnet: the interface address, in that case.

        Nothing magic about it. Just source address translation.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          kranitz
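The following is an added example, not code from the thread or from pfSense, that models why the outbound NAT rule above fixes the problem. It uses the addresses given in the post (LAN 172.17.10.0/24, OPT1 192.168.10.0/24, Shoretel server 192.168.10.10 with gateway 192.168.10.1) and assumes two things the post does not state: that pfSense's own OPT1 address is 192.168.10.2 and that 192.168.10.1 is the vendor's router with no route back to the LAN. The client port 5440 is a placeholder. It builds the equivalent pf `nat` line, applies stateful source translation to a request, and then runs the Shoretel server's reply through the server's only routing knowledge (its own /24) with and without the rule.

```python
"""Model of the pfSense outbound (source) NAT rule from the reply above.

Constructed example. OPT1_ADDR (pfSense on 192.168.10.2) and the vendor
router at 192.168.10.1 having no route to 172.17.10.0/24 are assumptions;
the post only states the server is 192.168.10.10/24 with GW 192.168.10.1.
"""
import ipaddress
from dataclasses import dataclass, replace

LAN_NET = ipaddress.ip_network("172.17.10.0/24")      # from the post
OPT1_NET = ipaddress.ip_network("192.168.10.0/24")    # from the post
OPT1_ADDR = ipaddress.ip_address("192.168.10.2")      # assumption: pfSense OPT1
VENDOR_GW = ipaddress.ip_address("192.168.10.1")      # server's GW per the post
SHORETEL = ipaddress.ip_address("192.168.10.10")      # from the post
SHORETEL_PORT = 5440                                  # placeholder port


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


@dataclass(frozen=True)
class OutboundNatRule:
    """Interface / Source / Destination / Translation, as in the GUI form."""
    interface: str
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    translation: ipaddress.IPv4Address

    def matches(self, pkt: Packet) -> bool:
        return pkt.src in self.source and pkt.dst in self.destination

    def pf_rule(self) -> str:
        # Approximation of the pf syntax pfSense generates for this rule.
        return (f"nat on {self.interface} inet from {self.source} "
                f"to {self.destination} -> {self.translation}/32")


class SourceNat:
    """Stateful source NAT: rewrite the outbound source, undo it on the reply."""

    def __init__(self, rule: OutboundNatRule):
        self.rule = rule
        # (translated src, translated sport, dst, dport) -> (orig src, orig sport)
        self.state = {}
        self.next_port = 1024  # simple port pool for the translated source port

    def outbound(self, pkt: Packet) -> Packet:
        if not self.rule.matches(pkt):
            return pkt  # rule does not apply; packet leaves untranslated
        tport, self.next_port = self.next_port, self.next_port + 1
        self.state[(self.rule.translation, tport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.rule.translation, sport=tport)

    def inbound(self, pkt: Packet):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.state:
            return None  # no matching state: pf would drop the reply
        src, sport = self.state[key]
        return replace(pkt, dst=src, dport=sport)


def server_next_hop(dst: ipaddress.IPv4Address) -> str:
    """The Shoretel server's forwarding decision: only its own /24 is on-link."""
    return "on-link" if dst in OPT1_NET else str(VENDOR_GW)


def scenario(with_nat: bool) -> dict:
    """Send one LAN request to the server and trace where the reply ends up."""
    rule = OutboundNatRule("OPT1", LAN_NET, OPT1_NET, OPT1_ADDR)
    nat = SourceNat(rule)
    request = Packet(ipaddress.ip_address("172.17.10.50"), 51000, SHORETEL, SHORETEL_PORT)
    on_wire = nat.outbound(request) if with_nat else request
    reply = Packet(SHORETEL, SHORETEL_PORT, on_wire.src, on_wire.sport)
    hop = server_next_hop(reply.dst)
    if hop != "on-link":
        # Reply goes to the vendor router, which (assumed) cannot reach the LAN.
        return {"server_sees": str(on_wire.src), "reply_next_hop": hop, "delivered_to": None}
    delivered = nat.inbound(reply) if with_nat else reply
    return {"server_sees": str(on_wire.src), "reply_next_hop": hop,
            "delivered_to": str(delivered.dst)}


if __name__ == "__main__":
    print(OutboundNatRule("OPT1", LAN_NET, OPT1_NET, OPT1_ADDR).pf_rule())
    print("without NAT:", scenario(False))
    print("with NAT:   ", scenario(True))
```

Two things to keep in mind when applying this on a real box. Hybrid mode keeps the automatic WAN rules and adds this one; switching to Manual instead would silently drop the automatic rules unless you recreate them. And because every LAN client now appears to the server as the OPT1 address, the server's own logs and any per-client ACLs on the vendor side lose visibility of individual LAN hosts, so the firewall rules on the LAN interface remain the place to restrict which hosts may reach 192.168.10.0/24.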

          Yeah! Magic or not, it worked immediately!! :)

          I'm super grateful for your quick help, Derelict!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.