Dell sonicwall woes, unmatched mapping.

Discussion in '3CX Phone System - General' started by hogan71088, Sep 22, 2016.

Thread Status:
Not open for further replies.
  1. hogan71088

    Joined:
    Nov 30, 2015
    Messages:
    60
    Likes Received:
    3
    Having great difficulty getting our dell sonicwall to correctly work with 3cx v15, have followed the 3cx guide and everything seems correct but getting an unmatched mapping on everything.

    Firmware version is: SonicOS Enhanced 5.9.1.7-2o

    Source port remap is disabled. Can anyone please help?
     
  2. 3CXusername

    3CXusername New Member

    Joined:
    Jul 31, 2014
    Messages:
    183
    Likes Received:
    16
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. hogan71088

    Joined:
    Nov 30, 2015
    Messages:
    60
    Likes Received:
    3
    The hotfix according to dell support is included in the current firmware version...
     
  4. sjp_crs

    Joined:
    Sep 19, 2016
    Messages:
    34
    Likes Received:
    0
    I can confirm 5.9.1.7-2o works fine. There is an addition setting you have to set tho.

    On the OUTBOUND rule, under the ADVANCED tab, you should have the 'Disable Source Port Remap' option checked.

    If that doesn't help, PM me and I'll shoot you some screenshots from my own setup that works fine now that I upgraded to 5.9.1.7-2o
     
  5. sjp_crs

    Joined:
    Sep 19, 2016
    Messages:
    34
    Likes Received:
    0
    PM Sent - although it seems to be sat in the outbox...
     
  6. hogan71088

    Joined:
    Nov 30, 2015
    Messages:
    60
    Likes Received:
    3
    Same here, feel free to post here if you can.
     
  7. sjp_crs

    Joined:
    Sep 19, 2016
    Messages:
    34
    Likes Received:
    0
    Ok, lets see how this works ;)

    First I made sure the upgrade worked properly, and I was on the right firmware :
    Attachment_1

    Next, I created all the ports I needed in Firewall-Service Objects
    Attachment_2

    Then I added the ports to a Service Group to make life easier.
    Attachment_3

    I then created two NAT rules using the 'Create a Reflexive Policy' option on the first page. Make sure you CHECK the box, I took the screenshot and forgot to have it checked ;)
    Attachment_4

    Once the rules were complete, they look like this in the Nat Policies

    Outbound :
    Attachment_5
    Attachment_6


    Inbound :
    Attachment_7
    Attachment_8


    Once you apply the rules, check in the NAT-Policies list to ensure that your inbound/outbound NAT-Policies for 3CX occur BEFORE any general NAT policies - otherwise you'll never get to the 3CX one (Sonicwall does top-down processing, once it matches, it stops processing). So if you have a general outbound Any-Wan Primary IP NAT policy (which is pretty normal) then make sure your 3CX outbound policy occurs BEFORE the general one. Line 8 on my firewall has the 'disable source port remap' option set.

    7 Any - Original - Wan Primary IP - 3CX PBX - 3CX Ports - Original
    (Inbound, on the 3CX ports, forward to the PBX and leave the source IP and port unchanged)

    8 3CX PBX - WAN Primary IP - Any - Original - Any - Original
    (Outbound, from the PBX, translate the source to the WAN IP, leave the ports as is (Source Port remap disable))

    9 Any - Wan Primary IP - Any - Original - Any - Original
    (Outbound, Anything from any, Hide behind the WAN IP, leave the ports as is (but source port remap is allowed)

    I can now perform the firewall test without issue, and all ports come back Green.

    Let me know if that helps !!

    Steve
     

    Attached Files:

    • 2.jpg
      2.jpg
      File size:
      106.9 KB
      Views:
      165
    • 3.jpg
      3.jpg
      File size:
      63.2 KB
      Views:
      159
    • 4.jpg
      4.jpg
      File size:
      8.9 KB
      Views:
      164
    • 5.jpg
      5.jpg
      File size:
      75.9 KB
      Views:
      168
    • 6.jpg
      6.jpg
      File size:
      74.8 KB
      Views:
      168
    • 7.jpg
      7.jpg
      File size:
      78.1 KB
      Views:
      162
    • 8.jpg
      8.jpg
      File size:
      75.9 KB
      Views:
      161
    • firmware_1.jpg
      firmware_1.jpg
      File size:
      75.6 KB
      Views:
      141
  8. hogan71088

    Joined:
    Nov 30, 2015
    Messages:
    60
    Likes Received:
    3
    Thank you so much for taking time to post that.
     
  9. sjp_crs

    Joined:
    Sep 19, 2016
    Messages:
    34
    Likes Received:
    0
    No problem - hopefully it gives you enough to get it working :)
     
  10. dirk02@stiegele.de

    Joined:
    Oct 21, 2009
    Messages:
    1
    Likes Received:
    0
    Thank you for bringing in the screenshots und descriptions.
    It helped me a lot!

    Thumbs up! :)
     
  11. Brian Cross

    Brian Cross New Member

    Joined:
    Jul 26, 2017
    Messages:
    109
    Likes Received:
    27
    You also have to use the first static IP in your assigned block. Or at least up until a year ago. Wasted hours of my life troubleshooting that issue.
     
Thread Status:
Not open for further replies.