Configuring NAT Policies

NAT policies allow you the flexibility to control Network Address Translation based on matching combinations of Source IP address, Destination IP address and Destination Services. Policy-based NAT allows you to deploy different types of NAT simultaneously. The following NAT configurations are available in SonicOS Enhanced:

Many-to-One NAT Policy

Many-to-Many NAT Policy

One-to-One NAT Policy for Outbound Traffic

One-to-One NAT Policy for Inbound Traffic (Reflexive)

One-to-Many NAT Load Balancing

Inbound Port Address Translation via One-to-One NAT Policy

Inbound Port Address Translation via WAN IP Address

This section describes how to configure a Many-to-One NAT policy. Many-to-One is the most common NAT policy on a SonicWALL security appliance, and allows you to translate a group of addresses into a single address. Most of the time, this means that you are taking an internal “private” IP subnet and translating all outgoing requests into the IP address of the SonicWALL security appliance WAN port, such that the destination sees the request as coming from the IP address of the SonicWALL security appliance WAN port, and not from the internal private IP address.

For other NAT configurations, see the SonicOS Enhanced Administrator’s Guide.

An example configuration illustrates the use of the fields in the Add NAT Policy procedure. To add a Many-to-One NAT policy that allows all systems on the X1 interface to initiate traffic using the SonicWALL security appliance’s WAN IP address, perform the following steps:

1.Navigate to the Network > NAT Policies page. Click Add. The Add NAT Policy dialog box displays.

2.For Original Source, select Any.

3.For Translated Source, select WAN Interface IP.

4.For Original Destination, select Any.

5.For Translated Destination, select Original.

6.For Original Service, select Any.

7.For Translated Service, select Original.

8.For Inbound Interface, select X1.

9.For Outbound Interface, select X1.

10.For Comment, enter a short description.

11.Select the Enable NAT Policy checkbox.

12.Leave Create a reflexive policy unchecked.

13.Click Add.

This policy can be duplicated for subnets behind the other interfaces of the SonicWALL security appliance – just replace the Original Source with the subnet behind that interface, adjust the source interface, and add another NAT policy.

SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 43

Page 43 Page 45
Page 44
Image 44
SonicWALL 4500, NSA 5000, 3500 manual Configuring NAT Policies, Leave Create a reflexive policy unchecked
Page 43 Page 45
Top Page Image Contents