Netgate Discussion Forum
    Migrate from Sonicwall to Pfsense rules question

      BitLover

      Hi Guys,

      New to pfSense, used to SonicWall, but for sure want to switch to open source.

      I loaded an Athena Thin Client with an image and it is running smoothly.

      CPU VIA Nehemiah (1 GHz)
      Hardware Crypto  VIA PadLock
      RAM 256MB
      1GB Solid State IDE DISK

      As far as I understand at the moment, SonicWall's:

      Services (ports) can be replaced by pfSense Alias
      Address Objects  can be replaced by pfSense Alias

      Making the rules for V2.01 is still a bit cloudy to me; a small example would get me up to speed
      so I can power off my SonicWall for good!

      I made an Alias for ports:

      WOW01 3727, 6112, 6881:6999 (those should be open and send to internal IP 192.168.150)

      I think I have to do:

      NAT Port Forward:

      If    Proto  Src. ports Dest. addr    Dest. ports       NAT IP     NAT Ports
      WAN TCP    *    *    192.168.150  WOW01      192.168.150        WOW01

      Firewall Rules:

      Proto  Source  Port Destination  Port Gateway
      TCP        *        *      192.168.2.150  WOW01    *

      But not sure if this is OK?
      Not easy to come from one firewall and try to understand the new one :-)
      Love to buy that book, but is that already at version 2.01?

      (BTW, I needed to spoof my MAC from the SonicWall to the pfSense box to get my ISP going
      and don't have the up/down problem with the NICs)

      So if someone could tell me if this is correct/wrong or should be done in another way :-) that would be super.

        marcelloc

        The NAT destination address should be the WAN interface address. By default, a firewall rule is associated when you apply the NAT port forward configuration.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          BitLover

          Thanks Marc for the reply,

          Yup, I got it now; after I found this explanation of the screen it became clear.
          ----------------------------------------------
          Take traffic entering the chosen interface,
          using the specified protocol,
          initiated from the specified source,
          destined to the specified destination,
          and redirect it to the specified target IP and port.

          If you understand the above, then you also understand the power of pfSense: combined with Aliases for incoming IPs and ports, you can narrow your open ports to the bare minimum needed. Most SOHOs and even advanced firewalls don't have this fine-grained filtering; they just open the range of ports for all that happens to hit them.

          It is running super stable for days already, so bye bye to my other device. ::)
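
The matching order discussed in this thread, as an added example that is not part of the original posts and is not pfSense code: a small Python model in which the port forward is matched against the WAN address and the filter rule is then evaluated on the translated packet. WAN_ADDR, the PEERS source alias, the helper names and all sample packets are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample values: WAN_ADDR and the PEERS alias are placeholders.
WAN_ADDR = "203.0.113.10"
TARGET = "192.168.2.150"                       # internal host from the thread
PORT_ALIASES = {"WOW01": [(3727, 3727), (6112, 6112), (6881, 6999)]}
HOST_ALIASES = {"PEERS": ["198.51.100.0/24"]}  # hypothetical source alias

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: int

def src_in(spec, addr):
    """'*' matches any source; otherwise spec names a host/network alias."""
    if spec == "*":
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in HOST_ALIASES[spec])

def matches(rule, pkt):
    """Interface, protocol, source, destination and destination port must all match."""
    in_ports = any(lo <= pkt.dport <= hi for lo, hi in PORT_ALIASES[rule["dports"]])
    return (pkt.iface == rule["if"] and pkt.proto == rule["proto"]
            and src_in(rule["src"], pkt.src) and pkt.dst == rule["dst"] and in_ports)

def delivered(nat_rule, fw_rule, pkt):
    """Port forward is applied first; the filter rule then sees the rewritten packet.
    Returns the host that receives the packet, or None (default deny)."""
    if matches(nat_rule, pkt):
        pkt = replace(pkt, dst=nat_rule["target"])
    return pkt.dst if matches(fw_rule, pkt) else None

def rule(src, dst, target=None):
    return {"if": "WAN", "proto": "TCP", "src": src, "dst": dst,
            "dports": "WOW01", "target": target}

NAT_DRAFT = rule("*", TARGET, TARGET)         # destination = internal host (first draft)
NAT_FIXED = rule("*", WAN_ADDR, TARGET)       # destination = WAN address (per the reply)
NAT_NARROW = rule("PEERS", WAN_ADDR, TARGET)  # same, limited to a source alias
FW_ANY = rule("*", TARGET)                    # filter rule matches the internal host
FW_NARROW = rule("PEERS", TARGET)

def inbound(src, dport):
    """A TCP packet arriving on WAN, addressed to the WAN interface address."""
    return Packet("WAN", "TCP", src, WAN_ADDR, dport)
```

With the draft forward, traffic addressed to the WAN address never matches, so nothing reaches the internal host; with the narrowed pair, only sources inside the PEERS alias are forwarded and passed.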
