SonicWALL 4500, NSA 5000, 3500 manual Creating a NAT Policy


4. Click on the Advanced tab.

To have the access rule time out after a different period of TCP inactivity, set the amount of time, in minutes, in the TCP Connection Inactivity Timeout (minutes) field. The default value is 15 minutes.

To have the access rule time out after a different period of UDP inactivity, set the amount of time, in minutes, in the UDP Connection Inactivity Timeout (minutes) field. The default value is 30 minutes.

Specify the number of connections allowed, as a percentage of the maximum number of connections allowed by the SonicWALL security appliance, in the Number of connections allowed (% of maximum connections) field.

Select Create a reflexive rule if you want to create a matching access rule to this one in the opposite direction--from your destination zone or address object to your source zone or address object.

5. Click on the QoS tab if you want to apply DSCP or 802.1p Quality of Service coloring/marking to traffic governed by this rule. See the SonicOS Enhanced Administrator’s Guide for more information on managing QoS marking in access rules.

6. Click OK to add the rule.

Creating a NAT Policy

The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. By default, the SonicWALL security appliance has a preconfigured NAT policy to allow all systems connected to the LAN interface to perform Many-to-One NAT using the IP address of the WAN interface, and a policy to not perform NAT when traffic crosses between the other interfaces.

You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object – for instance, you can specify that an internal server use one IP address when accessing Telnet servers, and use a completely different IP address for all other protocols. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding, it is possible to hide multiple internal servers behind the WAN IP address of the SonicWALL security appliance. The more granular the NAT policy, the higher its precedence.
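
A simplified model of the precedence rule described above, using the Telnet case as its example. It is an added illustration, not code or logic taken from the SonicWALL guide. The specificity scoring, the policy names and all addresses are assumptions constructed for the example, since this page does not describe how SonicOS ranks policies internally.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class NatPolicy:
    name: str
    translated_source: str
    original_source: Optional[str] = None       # CIDR; None means "Any"
    original_destination: Optional[str] = None  # CIDR; None means "Any"
    service: Optional[Tuple[str, int]] = None   # (protocol, port); None means "Any"

    def matches(self, src, dst, proto, port):
        for addr, net in ((src, self.original_source), (dst, self.original_destination)):
            if net and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
                return False
        return self.service is None or self.service == (proto, port)

    def specificity(self):
        # Assumed scoring: count of non-"Any" fields, then total prefix length.
        nets = [n for n in (self.original_source, self.original_destination) if n]
        return (len(nets) + (self.service is not None),
                sum(ipaddress.ip_network(n).prefixlen for n in nets))


def select_policy(policies, src, dst, proto, port):
    """Return the most granular matching policy, or None (no NAT performed)."""
    candidates = [p for p in policies if p.matches(src, dst, proto, port)]
    return max(candidates, key=NatPolicy.specificity) if candidates else None


def source_after_nat(policies, src, dst, proto, port):
    """Source address the flow leaves with; unchanged when no policy matches."""
    policy = select_policy(policies, src, dst, proto, port)
    return policy.translated_source if policy else src


# Constructed sample policies (documentation address ranges, not real hosts).
POLICIES = [
    NatPolicy("lan-default", "203.0.113.1", original_source="192.168.1.0/24"),
    NatPolicy("server-any", "203.0.113.11", original_source="192.168.1.10/32"),
    NatPolicy("server-telnet", "203.0.113.10", original_source="192.168.1.10/32",
              service=("tcp", 23)),
]

if __name__ == "__main__":
    for port in (23, 443):
        flow = ("192.168.1.10", "198.51.100.7", "tcp", port)
        print(flow, "->", source_after_nat(POLICIES, *flow))
```

When reviewing a real policy table, the same reasoning helps spot a broad policy that was expected to apply but is shadowed by a narrower one for the same object.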
