SonicWALL 4500, NSA 5000, 3500 Configuring NAT Policies, Leave Create a reflexive policy unchecked


Configuring NAT Policies

NAT policies allow you the flexibility to control Network Address Translation based on matching combinations of Source IP address, Destination IP address and Destination Services. Policy-based NAT allows you to deploy different types of NAT simultaneously. The following NAT configurations are available in SonicOS Enhanced:

Many-to-One NAT Policy

Many-to-Many NAT Policy

One-to-One NAT Policy for Outbound Traffic

One-to-One NAT Policy for Inbound Traffic (Reflexive)

One-to-Many NAT Load Balancing

Inbound Port Address Translation via One-to-One NAT Policy

Inbound Port Address Translation via WAN IP Address

This section describes how to configure a Many-to-One NAT policy. Many-to-One is the most common NAT policy on a SonicWALL security appliance, and allows you to translate a group of addresses into a single address. Most of the time, this means taking an internal “private” IP subnet and translating all outgoing requests into the IP address of the SonicWALL security appliance WAN port. The destination then sees the request as coming from the IP address of the WAN port, and not from the internal private IP address.

For other NAT configurations, see the SonicOS Enhanced Administrator’s Guide.

An example configuration illustrates the use of the fields in the Add NAT Policy procedure. To add a Many-to-One NAT policy that allows all systems on the X1 interface to initiate traffic using the SonicWALL security appliance’s WAN IP address, perform the following steps:

1. Navigate to the Network > NAT Policies page. Click Add. The Add NAT Policy dialog box displays.

2. For Original Source, select Any.

3. For Translated Source, select WAN Interface IP.

4. For Original Destination, select Any.

5. For Translated Destination, select Original.

6. For Original Service, select Any.

7. For Translated Service, select Original.

8. For Inbound Interface, select X1.

9. For Outbound Interface, select X1.

10. For Comment, enter a short description.

11. Select the Enable NAT Policy checkbox.

12. Leave Create a reflexive policy unchecked.

13. Click Add.

This policy can be duplicated for subnets behind the other interfaces of the SonicWALL security appliance – just replace the Original Source with the subnet behind that interface, adjust the source interface, and add another NAT policy.
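The following Python model is an added example, not SonicOS code or part of the original guide. It applies the example policy's field values to constructed packets to show what the destination sees and which return traffic maps back to an inside host. The source-port remapping table, the starting port 20000 and all IP addresses are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport in_if out_if")
# The page's example policy (steps 2-12), keyed by the dialog's field names.
POLICY = {
    "original_source": "Any", "translated_source": "WAN Interface IP",
    "original_destination": "Any", "translated_destination": "Original",
    "original_service": "Any", "translated_service": "Original",
    "inbound_interface": "X1", "outbound_interface": "X1",
    "enabled": True, "reflexive": False,
}

def covers(obj, ip):
    # "Any" matches every address; otherwise obj is a subnet in CIDR form.
    return obj == "Any" or ipaddress.ip_address(ip) in ipaddress.ip_network(obj)

class ManyToOneNat:
    def __init__(self, policy, wan_ip, first_port=20000):  # first_port is an assumption
        self.policy, self.wan_ip, self.next_port = policy, wan_ip, first_port
        self.out, self.back = {}, {}  # flow -> public port; (public port, peer) -> inside host

    def matches(self, p):
        pol = self.policy
        return (pol["enabled"] and p.in_if == pol["inbound_interface"]
                and p.out_if == pol["outbound_interface"]
                and covers(pol["original_source"], p.src)
                and covers(pol["original_destination"], p.dst))

    def outbound(self, p):
        if not self.matches(p):
            return p  # no policy hit: left untranslated in this model
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        # Translated Destination and Service are "Original": only the source changes.
        return p._replace(src=self.wan_ip, sport=self.out[flow])

    def reply(self, peer_ip, peer_port, public_port):
        # Inside (ip, port) for a tracked flow; None for unsolicited traffic, since
        # reflexive is False and this model holds no mirror inbound policy.
        return self.back.get((public_port, peer_ip, peer_port))

def demo():
    nat = ManyToOneNat(POLICY, "203.0.113.10")  # constructed WAN address
    a = nat.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443, "X1", "X1"))
    b = nat.outbound(Packet("192.168.1.21", 51000, "198.51.100.5", 443, "X1", "X1"))
    return a, b, nat.reply("198.51.100.5", 443, b.sport), nat.reply("198.51.100.5", 443, 9999)
```

To model the duplicated per-subnet policy described above, pass a copy of POLICY with original_source set to a CIDR string such as "192.168.1.0/24".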

SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 43
