SonicWALL 5.8.1 Microscope & Magnifier User Manual


 
Network > NAT Policies
SonicOS 5.8.1 Administrator Guide
Creating a One-to-One NAT Policy for Inbound Traffic (Reflective)
Note: If “Translated Destination: Original” is selected in the NAT Policy Settings, this section
does not apply because the “Create a reflective policy” checkbox is greyed out.
This is the mirror policy of the one created in the previous section; it is created when you
check Create a reflective policy. It allows you to translate an external public IP address into
an internal private IP address. This NAT policy, when paired with a ‘permit’ access policy,
allows any source to connect to the internal server using the public IP address; the SonicWALL
security appliance handles the translation between the private and public address. With this
policy in place, the SonicWALL security appliance translates the server’s public IP address to
the private IP address when connection requests arrive via the WAN interface (by default, the
X1 interface).
Below, you create the entry as well as the rule to allow HTTP access to the server. You need
to create the access policy that allows anyone to make HTTP connections to the Web server
via the Web server’s public IP address.
Note: With previous versions of firmware, it was necessary to write rules to the private IP
address. This has been changed as of SonicOS Enhanced. If you write a rule to the private IP
address, the rule does not work.
Go to the Firewall > Access Rules page and choose the policy for the ‘WAN’ to ‘Sales’ zone
intersection (or whatever zone you put your server in). Click the ‘Add…’ button to bring up
the pop-up access policy screen. When the pop-up appears, enter the following values:
Action: Allow
Service: HTTP
Source: Any
Destination: Webserver_public_ip
Users Allowed: All
Schedule: Always on
Logging: Checked
Comment: (Enter a short description)
When you are done, attempt to access the Web server’s public IP address using a system
located on the public Internet. You should be able to successfully connect. If not, review this
section and the section before it, and ensure that you have entered all required settings
correctly.
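
If the connection fails, the two causes this section describes can be checked offline against a copy of the configuration. The following is an added example, not part of the SonicOS guide: the dictionary layout, the `Webserver_private_ip` and `Mail_public_ip` objects, and all addresses are constructed for illustration and do not reflect any SonicOS export format.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly (ipaddress.is_private also matches documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def lint_inbound(address_objects, nat_policies, access_rules, wan_if="X1"):
    """Return (rule comment, finding) for WAN allow rules that will not behave as intended."""
    # Public IPs that an inbound NAT policy on the WAN interface maps to a private host.
    translated = {
        address_objects[p["original_destination"]]
        for p in nat_policies
        if p["inbound_interface"] == wan_if
        and is_rfc1918(address_objects[p["translated_destination"]])
    }
    findings = []
    for rule in access_rules:
        if rule["from_zone"] != "WAN" or rule["action"] != "Allow":
            continue
        dst = address_objects[rule["destination"]]
        if is_rfc1918(dst):
            # The case the Note warns about: rule written to the private IP.
            findings.append((rule["comment"], "private destination: write the rule to the public IP"))
        elif dst not in translated:
            findings.append((rule["comment"], "no inbound NAT policy translates this public IP"))
    return findings

# Constructed sample configuration (hypothetical field names and addresses).
ADDRESS_OBJECTS = {
    "Webserver_public_ip": "203.0.113.10",
    "Webserver_private_ip": "192.168.10.5",
    "Mail_public_ip": "203.0.113.11",
}
NAT_POLICIES = [{"inbound_interface": "X1", "original_destination": "Webserver_public_ip",
                 "translated_destination": "Webserver_private_ip"}]
ACCESS_RULES = [
    {"from_zone": "WAN", "action": "Allow", "destination": "Webserver_public_ip", "comment": "web"},
    {"from_zone": "WAN", "action": "Allow", "destination": "Webserver_private_ip", "comment": "web-old"},
    {"from_zone": "WAN", "action": "Allow", "destination": "Mail_public_ip", "comment": "mail"},
]

if __name__ == "__main__":
    for comment, finding in lint_inbound(ADDRESS_OBJECTS, NAT_POLICIES, ACCESS_RULES):
        print(f"{comment}: {finding}")
```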