SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE
Network > NAT Policies
• Outbound Interface: Any
• Comment: Enter a short description
• Enable NAT Policy: Checked
• Create a reflective policy: Unchecked
Note: Make sure you choose Any as the destination interface, and not the interface that the server is
on. This may seem counter-intuitive, but it’s actually the correct thing to do (if you try to specify the
interface, you get an error).
When done, click on the OK button to add and activate the NAT Policy. With this policy in place, the
SonicWALL security appliance translates the server’s public IP address to the private IP address
when connection requests arrive from the WAN (X1) interface, and translates the requested protocol
(TCP 9000) to the server’s actual listening port (TCP 80).
Finally, you’re going to modify the firewall access rule created in the previous section to allow any
public user to connect to the webserver on the new port (TCP 9000) instead of the server’s actual
listening port (TCP 80).
Note: With previous versions of firmware, it was necessary to write rules to the private IP address.
This has been changed as of SonicOS Enhanced. If you write a rule to the private IP address, the rule
does not work.
Go to the Firewall > Access Rules section and choose the policy for the WAN to Sales zone
intersection (or whatever zone you put your server in). Click on the Configure button to bring up the
previously created policy. When the pop-up appears, enter the following values:
• Action: Allow
• Service: webserver_public_port (or whatever you named it above)
• Source: Any
• Destination: webserver_public_ip
• Users Allowed: All
• Schedule: Always on
• Logging: checked
• Comment: (enter a short description)
When you’re done, attempt to access the webserver’s public IP address using a system located on
the public Internet on the new custom port (example: http://67.115.118.70:9000). You should be able
to successfully connect. If not, review this section, and the section before, and ensure that you have
entered in all required settings correctly.
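The translation and access rule configured above, as an added example that is not part of the SonicWALL guide: a simplified Python model of the inbound path, showing why a rule written to the public IP and port passes traffic while one written to the private address does not. The private address 10.0.0.10 and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed values: the public address is the guide's example; the private
# address is an assumption made for this illustration.
PUBLIC_IP, PRIVATE_IP = "67.115.118.70", "10.0.0.10"

@dataclass(frozen=True)
class NatPolicy:
    orig_dst: str    # address the client connects to
    orig_port: int   # public port (TCP 9000 in the guide)
    xlat_dst: str    # server's private address
    xlat_port: int   # server's listening port (TCP 80)

@dataclass(frozen=True)
class AllowRule:
    dst: str
    port: int

def deliver(dst, port, rules, nats):
    """Return the (ip, port) an inbound connection reaches, or None.

    Simplified model: the rule is matched on the address and port the
    client requested; translation is applied only to permitted traffic.
    """
    if not any((r.dst, r.port) == (dst, port) for r in rules):
        return None  # no allow rule matches the requested destination
    for n in nats:
        if (n.orig_dst, n.orig_port) == (dst, port):
            return (n.xlat_dst, n.xlat_port)
    return None  # permitted, but no NAT policy forwards it to a server

def audit(rules, nats):
    """List rules and policies that cannot pass traffic in this model."""
    findings = []
    translated = {(n.xlat_dst, n.xlat_port) for n in nats}
    for r in rules:
        if (r.dst, r.port) in translated:
            findings.append(f"rule to {r.dst}:{r.port} names the private side; it will not match")
    for n in nats:
        if deliver(n.orig_dst, n.orig_port, rules, nats) is None:
            findings.append(f"NAT policy {n.orig_dst}:{n.orig_port} has no matching allow rule")
    return findings

NAT = [NatPolicy(PUBLIC_IP, 9000, PRIVATE_IP, 80)]
GOOD = [AllowRule(PUBLIC_IP, 9000)]    # written as the guide instructs
LEGACY = [AllowRule(PRIVATE_IP, 80)]   # older-firmware habit: private address
```

Running audit(LEGACY, NAT) reports both the unmatched rule and the NAT policy left without an allow rule, which is the state to look for when the connection test fails.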
Inbound Port Address Translation via WAN (X1) IP Address
This is one of the more complex NAT policies you can create on a SonicWALL security appliance
running SonicOS Enhanced – it allows you to use the WAN IP address of the SonicWALL security
appliance to provide access to multiple internal servers. This is most useful in situations where your
ISP has only provided a single public IP address, and that IP address has to be used by the
SonicWALL security appliance’s WAN interface.
Below, you create the configuration to provide public access to two internal webservers via the
SonicWALL security appliance’s WAN IP address; each is tied to a unique custom port. In the
following examples, you set up two, but it’s possible to create more than these as long as the ports
are all unique.
In this section, we have five tasks to complete:
1. Create two custom service objects for the unique public ports the servers respond on.