SonicWALL Internet Security Appliances Network Address Translation (NAT), Nodes

Page 266 SonicWALL Internet Security Appliance Administrator’s Guide

The IP addressing sy stem allows subnetworks or “interchanges” to be created an d device numbers

or “extensions” to be establis hed within thes e subnetwo rks. These num bers are cre ated using a

mathematical device called a sub net mask. A subn et mask, like the IP ad dress, is a set of four

numbers in dotted decimal notation. Subnet masks typically take three forms:

• 255.0.0.0

• 255.255.0.0

• 255.255.255.0

The number 255 “masks” out the corresponding number of the IP address, resulting in IP address

numbers that are valid for the network. For example, an IP address of 123.45.67.89 and a subnet

mask of 255.255.255.0 r e su lts in a sub network number of 123.45 .67.0 and a device number of

89. The IP address numbers that are actually valid to use are those assigned by InterNIC. Otherwise,

anyone could set up IP addresses that are duplicates of those at another company.

The subnet mask used for the network typically corresponds to the class of IP address assigned. If

the IP address is Class A, it uses a sub net mask of 255.0.0.0. Class B addresses use a subne t mask

of 255.255.0.0, and Cl ass C IP addresses use a subnet mask of 255.255.255.0.

A default gateway is like a long distance operator. Users can dial the operator to get assistance

connecting to the end party. In complex networks with many subnetworks, gateways keep traffic

from traveling between different subnetworks unless addressed to travel there. While this helps to

keep overall network traffic more manageable, it also introduces another level of complexity.

To communicate with a device on another network, one must go through a gateway that connects

the two networks. Therefore, us ers must know the defau lt gat eway IP addr ess. If t here is no gateway

in the network, use an IP address of 0.0.0.0 in fields that apply to a default gateway.

Network Address Translation (NAT)

NAT hides internal IP ad dresses by converting all internal host IP addresses to the IP address of the

firewall as packets are routed through the firewall. T he firewall then re transmi ts the data payl oad of

the internal host from its own address using a translation table to keep track of which sockets on

the exterior interface equate to which sockets on the interior interface. To the Internet, all of the

traffic on the network appears to come from the same computer.

Nodes

A node is a device, such as a PC or a printer, on a network with an IP address. The feature chart

shows how many node licenses for PCs or printers are included with a SonicWALL Internet Security

appliance. The TELE3 has a non-upgradeable 5-node license, but the SOHO3 is upgradeable up to

have 10, 50, or an un limited number of node license s. The PRO 100, PRO 200, and P RO 300 have

an unlimited number of node licenses.

The TELE3, SOHO3-10, and SOHO3- 50 allow a maximum of 5, 10, or 50 LAN IP addr esses,

respectively, to exist on the LAN (Local Area Network). The licenses for the nodes are counted

cumulatively, not simultaneously. When the SonicWALL is tu rned on and c onfigur ed, the S onicWALL