Sonicwall Port Forwarding and LAN WAN Rules Basics

Sonicwall Port Forwarding is used in small and large businesses everywhere.  We broke down the topic a further so you are not scratching your head over it.


How to Enable Port Forwarding

Open up Ports

Sonicwall Router Port Forwarding Sonicwall Port Forwarding


  • Add Service
  • Add Address Object



Sonicwall Port Forwarding

WAN to LAN Access Rules

By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet.

No Outgoing Ports are not blocked

Ie email delivery for SMTP relay.  By default, all outgoing port services are not blocked by Sonicwall.  Restart your device if it is not delivering messages after a Sonicwall replacement.

Traffic to LAN Blocked

The following behaviors are defined by the “Default” stateful inspection packet access rule enabled in the SonicWALL security appliance:

Allow all sessions originating from the LAN, WLAN to the WAN, or DMZ (except when the destination WAN IP address is the WAN interface of the SonicWALL appliance itself)
Allow all sessions originating from the DMZ to the WAN.
Deny all sessions originating from the WAN to the DMZ.
Deny all sessions originating from the WAN and DMZ to the LAN or WLAN.




  • NAT – Many to One NAT
    ***Need to talk public to private IP

This is the most common NAT policy on a SonicWall, and allows you to translate a group of addresses into a single address. Most of the time, this means that you’re taking an internal “private” IP subnet and translating all outgoing requests into the IP address of the SonicWall’s WAN port, such that the destination sees the request as coming from the IP address of the SonicWall’s WAN port, and not from the internal private IP address.  View more info on the NAT topic here.





Sonicwall Port Forwarding Summary

Leave a Reply

Your email address will not be published. Required fields are marked *