SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE
Network > NAT Policies
You can test the dynamic mapping by installing several systems on the LAN (X0) interface at a
spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and 192.168.10.200)
and accessing the public website http://www.whatismyip.com from each system. Each system should
display a different IP address from the range we created and attached to the NAT policy.
Creating a One-to-One NAT Policy for Outbound Traffic
One-to-One NAT for outbound traffic is another common NAT policy on a SonicWALL security
appliance for translating an internal IP address into a unique IP address. This is useful when you
need specific systems, such as servers, to use a specific IP address when they initiate traffic to other
destinations. Most of the time, a one-to-one NAT policy for outbound traffic is
used to map a server’s private IP address to a public IP address, and it’s paired with a reflective
(mirror) policy that allows any system from the public Internet to access the server, along with a
matching firewall access rule that permits this. Reflective NAT policies are covered in the next
section.
This policy is easy to set up and activate. Select Network>Address Objects and click on the Add
button at the bottom of the screen. In the Add Address Object window, enter a description for the
server’s private IP address in the Name field. Choose Host from the Type menu, enter the server’s
private IP address in the IP Address field, and select the zone that the server is assigned to from the
Zone Assignment menu. Click OK. Then, create another object in the Add Address Object window
for the server’s public IP address with the correct values, and select WAN from the Zone
Assignment menu. When done, click on the OK button to create the address object.
Next, select Network>NAT Policies and click on the Add button to display the Add NAT Policy
window. To create a NAT policy to allow the webserver to initiate traffic to the public Internet using its
mapped public IP address, choose the following from the drop-down menus:
• Original Source: webserver_private_ip
• Translated Source: webserver_public_ip
• Original Destination: Any
• Translated Destination: Original
• Original Service: Any
• Translated Service: Original
• Inbound Interface: X3
• Outbound Interface: X1
• Comment: Enter a short description
• Enable NAT Policy: Checked
• Create a reflective policy: Checked
When done, click on the OK button to add and activate the NAT Policy. With this policy in place, the
SonicWALL security appliance translates the server’s private IP address to the public IP address
when it initiates traffic out the WAN (X1) interface.
You can test the one-to-one mapping by opening up a web browser on the server and accessing the
public website http://www.whatismyip.com. The website should display the public IP address we
attached to the private IP address in the NAT policy we just created.
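The following added example (not SonicOS code and not part of the original guide) models the outbound policy above and derives its reflective mirror, so you can see which packets each one rewrites. The IP addresses are constructed samples, services are left out because the policy sets them to Any/Original, and the mirror's field layout is an assumption of this simplified model.

```python
from dataclasses import dataclass

ANY = "Any"            # wildcard, as in the policy drop-down menus
ORIGINAL = "Original"  # leave the field untranslated

# Constructed sample values for the two address objects (not from the guide).
ADDRESS_OBJECTS = {
    "webserver_private_ip": "192.168.30.10",
    "webserver_public_ip": "203.0.113.10",
}

@dataclass(frozen=True)
class NatPolicy:
    orig_src: str
    trans_src: str
    orig_dst: str
    trans_dst: str
    in_if: str
    out_if: str

    def reflective(self) -> "NatPolicy":
        """Mirror policy: swap the source/destination roles and the interfaces."""
        return NatPolicy(self.orig_dst, self.trans_dst,
                         self.trans_src, self.orig_src,
                         self.out_if, self.in_if)

def _matches(field, addr):
    return field == ANY or ADDRESS_OBJECTS[field] == addr

def _rewrite(field, addr):
    return addr if field == ORIGINAL else ADDRESS_OBJECTS[field]

def translate(policy, src, dst, in_if, out_if):
    """Return (src, dst) after NAT, or None when the policy does not match."""
    if policy.in_if not in (ANY, in_if) or policy.out_if not in (ANY, out_if):
        return None
    if not (_matches(policy.orig_src, src) and _matches(policy.orig_dst, dst)):
        return None
    return _rewrite(policy.trans_src, src), _rewrite(policy.trans_dst, dst)

# The outbound policy exactly as entered in the Add NAT Policy window.
OUTBOUND = NatPolicy("webserver_private_ip", "webserver_public_ip",
                     ANY, ORIGINAL, "X3", "X1")
INBOUND = OUTBOUND.reflective()

if __name__ == "__main__":
    print(translate(OUTBOUND, "192.168.30.10", "198.51.100.7", "X3", "X1"))
    print(translate(INBOUND, "198.51.100.7", "203.0.113.10", "X1", "X3"))
    print(translate(OUTBOUND, "192.168.30.11", "198.51.100.7", "X3", "X1"))
```

Because the mirror's Original Source is Any, the NAT policy itself does not restrict who can reach the server; the paired firewall access rule does.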
Creating a One-to-One NAT Policy for Inbound Traffic (Reflective)
This is the mirror policy for the one created in the previous section when you check Create a
reflective policy. It allows you to translate an external public IP address into an internal private IP
address. This NAT policy, when paired with a ‘permit’ access policy, allows any source to connect to
the internal server using the public IP address; the SonicWALL security appliance handles the