Netgate Discussion Forum

    How do set up these rules?

    Firewalling
    Disconnect

      Hello all,

      I know these should be easy but I am still having the same problems listed in this topic:
      http://forum.pfsense.org/index.php/topic,18379.15.html

      Specifically I am trying to figure out how to do the following:

      What I did was to ensure that scrub was disabled (it was). I also chose Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)), setting up rules for ports 50, 500, and 4500, which I understand from other sources are used by the SonicWall client. Of course, I still have the inbound and outbound firewall rules allowing traffic to and from the VPN server's IP address. Even at that point, the client would not connect. The final step, which allowed the connection, was to enter 1500 in the MTU field on the WAN interface. (It is a bit fuzzy, but I first set the MTU to 1300. The software firewall on the XP client then asked me to approve the outbound connection of the SonicWall Client. That had never happened before. I clicked OK to allow the connection, but still had no connection. It was not until I entered 1500 into the MTU that the connection succeeded.)

      I believe I set up the rules correctly but they aren't working, so I am asking as a newbie: how do I set up the firewall rules (please rub my nose in it!) to allow me to connect to an external SonicWall VPN… I mean, do I put these rules in WAN or LAN, and what should I put in the boxes?

      Thanks for any of your time, I am just getting frustrated by this issue!

      Thanks!

      Disconnect

        Hello All, I've set up the following rule in WAN, still can't get out.

        TCP/UDP 201.111.57.11/31 * * 4500 (IPsec NAT-T) *
        TCP/UDP 201.111.57.11/31 * * 500 (ISAKMP) *
        TCP/UDP 201.111.57.11/31 * * 50 *

        Can anyone give me a hint what I am doing wrong?

        Thanks!

        Cry Havok
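The rule lines in the post above are in the column order the pfSense 1.2.x rule table shows them (Proto, Source, Source port, Destination, Destination port, Gateway). The following is an added example, not code from the thread or from pfSense: a small Python checker that parses rule lines in that format and flags two things a practitioner would look for in an IPsec pass-through rule set: ESP is IP protocol number 50 and has no ports, so a TCP/UDP rule on "port 50" can never match it, and ISAKMP (500) and NAT-T (4500) are UDP only, so TCP/UDP is wider than needed. It also notes that a WAN-tab rule only governs unsolicited packets arriving on WAN, while a LAN client's outbound session is evaluated by the LAN tab. The "narrowed" rule set in the sample is a constructed, hypothetical comparison set, not something the thread arrived at.

```python
"""Lint pfSense-style rule lines for IPsec/IKE pass-through (added example)."""
import re

# Constructed sample: the three WAN-tab rules from the post, copied as typed.
POSTED_WAN_RULES = """\
TCP/UDP 201.111.57.11/31 * * 4500 (IPsec NAT-T) *
TCP/UDP 201.111.57.11/31 * * 500 (ISAKMP) *
TCP/UDP 201.111.57.11/31 * * 50                 *
"""

# Constructed, hypothetical narrowed set for comparison (an assumption, not
# the thread's outcome): IKE and NAT-T as UDP only, ESP as the IP protocol it
# is, placed on the LAN tab where the client's outbound packets are evaluated.
NARROWED_LAN_RULES = """\
UDP * * 201.111.57.11/31 500 (ISAKMP) *
UDP * * 201.111.57.11/31 4500 (IPsec NAT-T) *
ESP * * 201.111.57.11/31 * *
"""

IKE_UDP_PORTS = {500: "ISAKMP/IKE", 4500: "IPsec NAT-T"}
IP_PROTO_ESP = 50                      # ESP is IP protocol 50; it has no ports
PORT_PROTOS = {"TCP", "UDP", "TCP/UDP"}

# Columns as the rule table shows them, plus the optional "(alias)" note the
# GUI appends after a well-known destination port.
RULE_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<dport>\S+)(?:\s+\([^)]*\))?\s+(?P<gw>\S+)$"
)


def parse_rules(text):
    """Parse rule-table lines into dicts; raise on a line that does not fit."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable rule line: {line!r}")
        rules.append(m.groupdict())
    return rules


def lint_ipsec_rules(rules, tab="WAN"):
    """Return (rule_index, finding) pairs for rules that cannot do what an
    IPsec pass-through rule set intends."""
    findings = []
    for i, r in enumerate(rules):
        proto = r["proto"].upper()
        dport = r["dport"]
        if dport.isdigit() and int(dport) == IP_PROTO_ESP and proto in PORT_PROTOS:
            findings.append((i, "ESP is IP protocol 50, not TCP/UDP port 50; this "
                                "rule never matches ESP. Use protocol ESP, no ports."))
        elif dport.isdigit() and int(dport) in IKE_UDP_PORTS and proto != "UDP":
            findings.append((i, f"{IKE_UDP_PORTS[int(dport)]} uses UDP only; "
                                f"narrow the rule from {proto} to UDP."))
        if tab == "WAN" and r["src"] != "*" and r["dst"] == "*":
            findings.append((i, "WAN-tab rule: matches only unsolicited packets "
                                "arriving on WAN from that peer. The LAN client's "
                                "outbound session is decided by the LAN tab and "
                                "its replies by the resulting state; check LAN first."))
    return findings


if __name__ == "__main__":
    for idx, msg in lint_ipsec_rules(parse_rules(POSTED_WAN_RULES), tab="WAN"):
        print(f"posted rule {idx}: {msg}")
    print("narrowed set findings:",
          lint_ipsec_rules(parse_rules(NARROWED_LAN_RULES), tab="LAN"))
```

Run as-is, it reports two findings for each posted rule (six in total) and none for the narrowed set. The checker is only a reading aid for the table format; whether a rule is reachable at all still depends on the NAT configuration in front of it.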

          Start from a fresh set of rules and NAT configuration.

          If you do that, can your SonicWall client connect to the remote VPN server?

            Disconnect

            No, fresh rules don't…

            What started this road.

            I get the same error mentioned in the other conversation referenced in my first post.

            Thanks Cry,

              Cry Havok

              What version of pfSense are you using? Can you post screenshots of your firewall rules (LAN and WAN) and your AoN settings.

                Disconnect

                @Cry:

                What version of pfSense are you using? Can you post screenshots of your firewall rules (LAN and WAN) and your AoN settings.

                I am using 3.2.1

                All I have are the default rules, that's it.

                  Cry Havok

                  3.2.1? Really? Can I borrow your time machine please!

                  Did you mean 1.2.3 by any chance?

                    Disconnect

                    @Cry:

                    3.2.1? Really? Can I borrow your time machine please!

                    Did you mean 1.2.3 by any chance?

                    Yes, shouldn't be playing with my router while replying…

                    ...and of course you can borrow my time machine, as soon as it's out of the shoppe, broken flux capacitor.

                    Hate when that happens!

                      Disconnect

                      Yes, I am running 1.2.3

                        Disconnect

                        Turned out I didn't have to open any ports or anything, just enabled IPSec and everything started working…

                        Though without any rules, am I opening any security holes in my firewall?

                        Also will this screw up my OpenVPN setup?

                        Thanks!
