Article Applies To:
Affected SonicWALL Security Appliance Platforms:
Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260
TZ series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 W, TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless.
Firmware/Software Version: All SonicOS Enhanced versions.
Services: Custom Port (custom Services).
SonicOS Enhanced supports an expanded set of IP protocols so that users can create services and access rules based on these protocols. See the “Supported Protocols” section below for a complete list of the supported IP protocols.
Services are used by the SonicWALL security appliance to configure network access rules that allow or deny traffic to the network. The SonicWALL security appliance includes Default Services. Default Services are predefined services that are not editable. You can also create Custom Services to configure firewall services to meet your specific business
Please Note: For increased convenience and accessibility, the Services page can be accessed either from Firewall > Services or Network > Services. The page is identical regardless of which tab it is accessed through.
All custom services you create are listed in the Custom Services table. You can group custom services by creating a Custom Services Group for easy policy enforcement. If a protocol is not listed in the Default Services table, you can add it to the Custom Services table by clicking Add.
Step 1: Enter the name of the service in the Name field.
Step 2: Select the type of IP protocol from the Protocol pull-down menu.
Step 3: Enter the Port Range or IP protocol Sub Type depending on your IP protocol selection:
– For TCP and UDP protocols, specify the Port Range. You will not need to specify a Sub Type.
– On SonicWALL NSA series appliances, for the ICMP, IGMP, OSPF and PIMSM protocols, select the sub type from the Sub Type pull-down menu.
– For the remaining protocols, you will not need to specify a Port Range or Sub Type.
Step 4: Click OK. The service appears in the Custom Services table.
Click the Enable Logging checkbox to enable or disable logging of the service activity.
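The four steps above describe constraints that the Add Service dialog enforces: TCP and UDP services need a port range, ICMP/IGMP/OSPF/PIMSM services take a sub type, and the remaining protocols take neither. The following Python model is an added example (not SonicWALL code and not a SonicOS API) that encodes those rules together with the protocol numbers from the list further below, and shows how an access rule would test a packet against such a service. The `matches` function and the meaning of `sub_type` as the ICMP/IGMP message type are assumptions made for illustration.

```python
"""Model of a SonicOS custom service definition.

Added example, not SonicWALL code: it encodes the Add Service rules
(Steps 1-4) and shows how an access rule built on a service would
decide whether a packet is covered by it.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# IP protocol numbers available for custom services (taken from the article).
PROTOCOLS = {
    "ICMP": 1, "IGMP": 2, "TCP": 6, "UDP": 17, "GRE": 47, "ESP": 50,
    "AH": 51, "EIGRP": 88, "OSPF": 89, "PIMSM": 103, "L2TP": 115,
}
PORT_PROTOCOLS = {"TCP", "UDP"}                         # Step 3: need a Port Range
SUBTYPE_PROTOCOLS = {"ICMP", "IGMP", "OSPF", "PIMSM"}  # Step 3: take a Sub Type


@dataclass(frozen=True)
class CustomService:
    name: str
    protocol: str
    port_range: Optional[Tuple[int, int]] = None  # inclusive (low, high)
    sub_type: Optional[int] = None                # None = any sub type (assumption)
    enable_logging: bool = False


def define_service(name, protocol, port_range=None, sub_type=None,
                   enable_logging=False):
    """Validate a service the way the Add Service dialog constrains it."""
    if not name.strip():
        raise ValueError("Step 1: a service name is required")
    if protocol not in PROTOCOLS:
        raise ValueError(f"Step 2: unsupported protocol {protocol!r}")
    if protocol in PORT_PROTOCOLS:
        if port_range is None:
            raise ValueError(f"Step 3: {protocol} requires a port range")
        low, high = port_range
        if not (0 <= low <= high <= 65535):
            raise ValueError(f"Step 3: invalid port range {port_range}")
        if sub_type is not None:
            raise ValueError(f"Step 3: {protocol} does not take a sub type")
    elif protocol in SUBTYPE_PROTOCOLS:
        if port_range is not None:
            raise ValueError(f"Step 3: {protocol} does not take a port range")
    else:
        if port_range is not None or sub_type is not None:
            raise ValueError(f"Step 3: {protocol} takes neither port range nor sub type")
    # Step 4: the validated service is what lands in the Custom Services table.
    return CustomService(name, protocol, port_range, sub_type, enable_logging)


def matches(service, proto_number, dst_port=None, sub_type=None):
    """Would an access rule that references `service` apply to this packet?

    Assumption for the example: `sub_type` is the ICMP/IGMP/OSPF/PIMSM
    message type carried in the packet; `dst_port` is the TCP/UDP destination.
    """
    if PROTOCOLS[service.protocol] != proto_number:
        return False
    if service.port_range is not None:
        low, high = service.port_range
        return dst_port is not None and low <= dst_port <= high
    if service.sub_type is not None:
        return sub_type == service.sub_type
    return True


if __name__ == "__main__":
    # Constructed sample: a single-port TCP service, the narrowest definition
    # that still serves the application, which keeps the access rule least-privilege.
    app = define_service("Custom-App", "TCP", port_range=(8443, 8443), enable_logging=True)
    print(app, matches(app, 6, dst_port=8443), matches(app, 6, dst_port=8444))
```

Keeping the port range as tight as the application allows is the practical point: an access rule is only as narrow as the service it references, so a wide range in Step 3 widens every rule that uses it.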
Related article: UTM: How to open a non-standard port (custom service) to a server behind the SonicWALL in SonicOS Enhanced
The following IP protocols are available for custom services:
• ICMP (1)—(Internet Control Message Protocol) A TCP/IP protocol used to send error and control messages.
• IGMP (2)—(Internet Group Management Protocol) The protocol that governs the management of multicast groups in a TCP/IP network.
• TCP (6)—(Transmission Control Protocol) The connection-oriented transport protocol of the TCP/IP suite. TCP ensures that a message is delivered accurately and in its entirety.
• UDP (17)—(User Datagram Protocol) A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required.
• GRE (47)—(Generic Routing Encapsulation) A tunneling protocol used to encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to firewalls or routing devices over an IP Internetwork.
• ESP (50)—(Encapsulated Security Payload) A method of encapsulating an IP datagram inside of another datagram employed as a flexible method of data transportation by IPsec.
• AH (51)—(Authentication Header) A security protocol that provides data authentication and optional anti-replay services. AH is embedded in the data to be protected (a full IP datagram).
• EIGRP (88)—(Enhanced Interior Gateway Routing Protocol) Advanced version of IGRP. Provides superior convergence properties and operating efficiency, and combines the advantages of link state protocols with those of distance vector protocols.
• OSPF (89)—(Open Shortest Path First) A routing protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters. OSPF is an interior gateway protocol (IGP), which is designed to work within an autonomous system. It is also a link state protocol that provides less router to router update traffic than the RIP protocol (distance vector protocol) that it was designed to replace.
• PIMSM (103)—(Protocol Independent Multicast Sparse Mode) One of two PIM operational modes (dense and sparse). PIM sparse mode tries to constrain data distribution so that a minimal number of routers in the network receive it. Packets are sent only if they are explicitly requested at the RP (rendezvous point). In sparse mode, receivers are widely distributed, and the assumption is that downstream networks will not necessarily use the datagrams that are sent to them. The cost of using sparse mode is its reliance on the periodic refreshing of explicit join messages and its need for RPs.
• L2TP (115)—(Layer 2 Tunneling Protocol) A protocol that allows a PPP session to run over the Internet. L2TP does not include encryption, but defaults to using IPsec in order to provide virtual private network (VPN) connections from remote users to the corporate LAN.