SonicWALL E6500 manual Creating a NAT Policy


5. Click on the QoS tab if you want to apply DSCP or 802.1p Quality of Service coloring/marking to traffic governed by this rule. See the SonicOS Enhanced Administrator’s Guide for more information on managing QoS marking in access rules.

6. Click OK to add the rule.

Creating a NAT Policy

The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. By default, the SonicWALL security appliance has a preconfigured NAT policy to allow all systems connected to the LAN interface to perform Many-to-One NAT using the IP address of the WAN interface, and a policy to not perform NAT when traffic crosses between the other interfaces.

You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object. For instance, you can specify that an internal server use one IP address when accessing Telnet servers and a totally different IP address for all other protocols. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding, it is possible to hide multiple internal servers behind the WAN IP address of the SonicWALL security appliance. The more granular the NAT Policy, the more precedence it takes.

Before configuring NAT Policies, you must create all Address Objects associated with the policy. For instance, if you are creating a One-to-One NAT policy, first create Address Objects for your public and private IP addresses.

Address Objects are one of four object classes (Address, User, Service and Schedule) in SonicOS Enhanced. Address Objects allow entities to be defined once and then reused in multiple places throughout the SonicOS interface. For example, take an internal Web server with an IP address of 67.115.118.80. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, Address Objects allow you to create a single entity called “My Web Server” as a Host Address Object with an IP address of 67.115.118.80. This Address Object, “My Web Server”, can then be selected from a drop-down menu in any configuration screen that employs Address Objects as a defining criterion.

Since there are multiple types of network address expressions, there are currently the following Address Object types:

Host – Host Address Objects define a single host by its IP address.

Range – Range Address Objects define a range of contiguous IP addresses.

Network – Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid netmask.
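
The three Address Object types above, and the statement that a more granular NAT policy takes precedence, can be modelled as follows. This is an added example, not SonicOS code: the class and function names are hypothetical, the addresses are constructed, and the ordering rule (a service-specific policy beats an any-service policy, then the smaller source object wins) is an assumption about what "more granular" means, not the documented SonicOS algorithm.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

_ip = lambda text: int(ipaddress.IPv4Address(text))

@dataclass(frozen=True)
class AddressObject:
    name: str
    kind: str        # "host", "range" or "network"
    first: str       # host IP, range start, or network address
    last: str = ""   # range end, or netmask for a network

    def bounds(self):  # (low, high) integers covering the whole object
        if self.kind == "host":
            return _ip(self.first), _ip(self.first)
        if self.kind == "range":
            lo, hi = _ip(self.first), _ip(self.last)
            if lo > hi:
                raise ValueError(f"{self.name}: range start is above range end")
            return lo, hi
        if self.kind == "network":  # strict parse rejects a bad netmask or host bits
            net = ipaddress.IPv4Network(f"{self.first}/{self.last}")
            return int(net.network_address), int(net.broadcast_address)
        raise ValueError(f"{self.name}: unknown kind {self.kind!r}")

    def contains(self, ip):
        lo, hi = self.bounds()
        return lo <= _ip(ip) <= hi

@dataclass(frozen=True)
class NatPolicy:
    source: AddressObject
    port: Optional[int]   # None means any service
    translated: str

def select_policy(policies, src_ip, dst_port):
    # Assumed ordering: service-specific first, then the smallest source object.
    hits = [p for p in policies if p.source.contains(src_ip) and p.port in (None, dst_port)]
    span = lambda p: p.source.bounds()[1] - p.source.bounds()[0]
    return min(hits, key=lambda p: (p.port is None, span(p))) if hits else None

# Constructed sample data; none of these addresses come from the manual.
LAN = AddressObject("LAN Subnet", "network", "192.168.168.0", "255.255.255.0")
SERVER = AddressObject("My Server", "host", "192.168.168.10")
POLICIES = [
    NatPolicy(LAN, None, "203.0.113.1"),      # default Many-to-One NAT via the WAN IP
    NatPolicy(SERVER, None, "203.0.113.20"),  # this server, all other protocols
    NatPolicy(SERVER, 23, "203.0.113.23"),    # this server, Telnet only
]
```

When auditing a real policy set, a broad source object combined with an any-service policy is the entry to look at first, because it is the one that catches every flow no narrower policy claims.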

SonicWALL NSA E6500 Getting Started Guide Page 45
