I found way too many explanations for how to configure Sonicwall to forward a an external port to an internal destination. Everyone seems intent on trying to explain too much until I can to this old (2017) one by Sonicwall's M. G. Sriram Iyer. It's like a dream come true, just the specifics of creating the capability. I took notes.
My specific need was to forward traffic on port 9000 to port 9000 on a specific internal system.
Create address object for internal and external addresses
[on my system, this already exists as Default WAN]
[eg, New Internal Address Object points to the internal IP address]
create service definition assigning TCP (or whatever) to the internal port number
[eg, New Internal Port Assignment Service points to port 9000]
create firewall->access to allow traffic, WAN/LAN
service: http
source: any
dest address: address object (eg, Default WAN)
dest service: service object (New Internal Port Assignment Service)
_must be above (priority) any deny rule_
create NAT Policy to translate and forward traffic
orig source: any
orig dest: an address object (Default WAN)
orig service: http
trans source: origin
trans dest: an address object (New Internal Address Object)
trans service: service object (New Internal Port Assignment Service)
inbound interface: X1