Teleworker using a SonicWALL 1

Status
Not open for further replies.

edvac

Vendor
Mar 15, 2007
4
AU
Has anyone set up Teleworker in a DMZ on a SonicWALL?
 
TW has a pretty heavy internal firewall; just open its IP for all UDP and TCP. Besides that, you have to assign a real public IP to the external interface, because it uses the proprietary MINET protocol with IP addresses in the payload of signaling packets, which your firewall (most likely) will not handle properly. So forget about a DMZ with internal IPs mapped to external ones, as for web and email servers. MINET is a multistream protocol, the same as H.323 or SIP, so it opens random ports for voice UDP streams during the call setup.
 
Thanks guys, but I now have it working, in the DMZ on a SonicWALL. The reason I need the DMZ is that the SonicWALL is used for a site-to-site VPN to another Mitel 3300 for voice calls, and now also for the Teleworker. The usage on this is not great, so rather than having two separate ADSL links, I only require one.
 
TW is built on the MAS6000 platform. It has firewall and VPN options as well. So if you cannot have multiple public IPs on your DSL, I'd recommend making your TW server a border router. As I understand it, you have managed to get it to work behind your SonicWALL. Did you do 1:1 translation and assign your public IP to the public interface of the TW? Or did you assign an internal IP to the public interface in the DMZ? Could you describe your experience in more detail?
 
Slapin...
I have a SonicWALL TZ 170 running Enhanced software, which allows the creation of a DMZ on the OPT port.

All that I have done is follow the engineering guidelines for the Teleworker, in which I forwarded the appropriate ports from the WAN to DMZ ... DMZ to LAN etc. If you are familiar with the SonicWALL, I used the "Public Server Wizard" to do this for the WAN to DMZ, so that only the necessary ports are allowed in this zone, and then created "Access Rules" for the DMZ to LAN.

Not only does this MAS have the Teleworker blade, it also has the Mobile Extension blade installed, configured and also working, which also needs some extra "Access Rules" in the DMZ to LAN.
 