SonicWALL TZ 190 Creating a One-to-One NAT Policy for Outbound Traffic

Network > NAT Policies

256

SonicOS Enhanced 4.0 Administrator Guide

You can test the dynamic mapping by installing several systems on the LAN interface at a

spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and

192.168.10.200) and accessing the public website http://www.whatismyip.com from each

system. Each system should display a different IP address from the range we created and

attached to the NAT policy.

Creating a One-to-One NAT Policy for Outbound Traffic

One-to-One NAT for outbound traffic is another common NAT policy on a SonicWALL security

appliance for translating an internal IP address into a unique IP address. This is useful when

you need specific systems, such as servers, to use a specific IP address when they initiate

traffic to other destinations. Most of the time, a NAT policy such as this one-to-one NAT policy

for outbound traffic is used to map a server’s private IP address to a public IP address, and it’s

paired with a reflective (mirror) policy that allows any system from the public Internet to access

the server, along with a matching firewall access rule that permits this. Reflective NAT policies

are covered in the next section.

This policy is easy to set up and activate. Select Network > Address Objects and click on the

Add button at the bottom of the screen. In the Add Address Object window, enter a description

for server’s private IP address in the Name field. Choose Host from the Type menu, enter the

server’s private IP address in the IP Address field, and select the zone that the server assigned

from the Zone Assignment menu. Click OK. Then, create another object in the Add Address

Object window for the server’s public IP address and with the correct values, and select WAN

from Zone Assignment menu. When done, click on the OK button to create the range object.

Next, select Network > NAT Policies and click on the Add button to display the Add NAT

Policy window. To create a NAT policy to allow the webserver to initiate traffic to the public

Internet using its mapped public IP address, choose the following from the drop-down menus:

• Original Source: webserver_private_ip

• Translated Source: webserver_public_ip

• Original Destination: Any

• Translated Destination: Original

• Original Service: Any

• Translated Service: Original

• Inbound Interface: Opt

• Outbound Interface: WAN

• Comment: Enter a short description

• Enable NAT Policy: Checked

• Create a reflective policy: Checked

When done, click on the OK button to add and activate the NAT Policy. With this policy in place,

the SonicWALL security appliance translates the server’s private IP address to the public IP

address when it initiates traffic out the WAN interface.

You can test the one-to-one mapping by opening up a web browser on the server and accessing

the public website http://www.whatismyip.com. The website should display the public IP

address we attached to the private IP address in the NAT policy we just created.