How to setup and use Port Forwarding & NAT in your Sonicwall

When it comes to trying to configure something that should be simple like “PORT FORWARDING” in a more complicated corporate firewall, like Dell’s SonicWall, it can sometimes be a bit difficult. There are many guides online that are needlessly complex, and some that are confusing and not helpful at all. I ended up combining a few until I was able to work out a process of my own that seems to work best.


Port forwarding would take traffic coming in to the modem, and FORWARD it along to a specific host (computer) within the network. Remote desktop, for instance, normally listens on port 3389. But, let’s say for example you want to change the port you’re using for Remote Desktop, and say you even have multiple computers you want to configure. Rather than go into the registry of each computer and change the listening port, we can do everything we need to do in the firewall. So not only will we be FORWARDING the traffic, we will ALSO be using Network Address Translation (NAT) to change the port before it leaves the firewall.


So for this example, the computers are both listening on the default Remote Desktop Port of 3389, but when I’m traveling, I want to be able to connect to Remote1 by using the port number 65501, and I want to connect to the computer Remote2 by using 65502.


Here’s what to do:

  1. Log in to your Sonicwall (obviously).
  2. Click Firewall on the left.
  3. Click Service Objects on the left.
  4. SCROLL DOWN so that you do not add a group, and click on the Add button under Services.
  5. In the Window that comes up, give it a name (Remote1 for example), change the Protocol to TCP(6), and where it says port range, type the single first you want to use as both the beginning and end port number (65501- 65501). Click add, and repeat these steps for Remote2, 65502-65502.
  6. Once your Service Objects are added, click the “Wizards” button in the upper right of the page.
    • Select Public Server Wizard and click Next.
    • Change the server type to Other and select Remote1, then click Next.
    • Give it a Server Name (I just used Remote1 again), and enter the internal IP address of the machine you’re passing the services through to (the internal IP, 192.168.x.x). You can skip the comment and click Next.
    • This next window should be filled in automatically, if it is, just click Next. If it’s not you can specify your public IP, then click Next.
    • Click Apply. Then click Close.
    • If necessary, click the add wizard button in the upper right again and repeat for Remote2
    • .

  7. Almost done! Next, click on Network on the left.
  8. Click on NAT Policies underneath Network.
  9. I use Control+F to Find Remote1 on the page, then find the one that STARTs with “ANY” on the far left first column, says “Original” in the third column, and then Remote1 Private in the fourth column, and Remote1 Services in the fifth column. Click the EDIT pencil icon to the right of that item.
  10. Near the bottom of the list in the window that pops up, change the Translated Service from Original to Remote Desktop. Nothing else should change. Click OK.
  11. Once again, repeat for Remote2 if necessary.


And you’re done! ***Keep in mind*** that if your Modem is a Modem/Router combo, like something from Verizon, then your “external IP address” in the second to last bullet point under step 6 should be your internal address that was assigned to your SonicWALL from your modem, and then you’ll need to get in to your Verizon modem’s settings and configure the more simplified port forwarding to forward ports to the SonicWALL. You can do these as a group; for example: you could configure port forwarding in the modem to forward the port range 65501-65502 to the SonicWALL’s IP address, and the SonicWALL will treat them as individual services and know which machine (Remote1 or Remote2) to pass the data along to.


Port forwarding is very abstract for many people, and extra complicated through SonicWALL, so I certainly hope I was able to help you out, today!