Filter
Top Products
Network > NAT Policies
358
SonicOS 5.8.1 Administrator Guide
You can test the dynamic mapping by installing several systems on the LAN interface (by
default, the X0 interface) at a spread-out range of addresses (for example, 192.168.10.10,
192.168.10.100, and 192.168.10.200) and accessing the public Website http://
www.whatismyip.com from each system. Each system should display a different IP address
from the range we created and attached to the NAT policy.
Creating a One-to-One NAT Policy for Outbound Traffic
One-to-One NAT for outbound traffic is another common NAT policy on a SonicWALL security
appliance for translating an internal IP address into a unique IP address. This is useful when
you need specific systems, such as servers, to use a specific IP address when they initiate
traffic to other destinations. Most of the time, a NAT policy such as this One-to-One NAT policy
for outbound traffic is used to map a server’s private IP address to a public IP address, and it
is paired with a reflective (mirror) policy that allows any system from the public Internet to
access the server, along with a matching firewall access rule that permits this. Reflective NAT
policies are covered in the next section.
This policy is easy to set up and activate. Select Network > Address Objects and click on the
Add button at the bottom of the screen. In the Add Address Object window, enter a description
for server’s private IP address in the Name field. Choose Host from the Type menu, enter the
server’s private IP address in the IP Address field, and select the zone that the server assigned
from the Zone Assignment menu. Click OK. Then, create another object in the Add Address
Object window for the server’s public IP address and with the correct values, and select WAN
from Zone Assignment menu. When done, click on the OK button to create the range object.
Next, select Network > NAT Policies and click on the Add button to display the Add NAT
Policy window. To create a NAT policy to allow the Web server to initiate traffic to the public
Internet using its mapped public IP address, choose the following from the drop-down menus:
• Original Source: webserver_private_ip
• Translated Source: webserver_public_ip
• Original Destination: Any
• Translated Destination: Original
• Original Service: Any
• Translated Service: Original
• Inbound Interface: X2
• Outbound Interface: X1
• Comment: Enter a short description
• Enable NAT Policy: Checked
• Create a reflective policy: Checked (Cannot be applied when “Translated Destination:
Original” is selected)
When done, click on the OK button to add and activate the NA
T Policy. With this policy in place,
the SonicWALL security appliance translates the server’s private IP address to the public IP
address when it initiates traffic out the WAN interface (by default, the X1 interface).
You can test the One-to-One mapping by opening up a Web browser on the server and
accessing the public Website http://www.whatismyip.com. The Website should display the
public IP address we attached to the private IP address in the NAT policy we just created.