Network > NAT Policies
SonicOS 5.8.1 Administrator Guide
Configuring One-to-Many NAT Load Balancing
One-to-Many NAT policies can be used to persistently load balance the translated destination
using the original source IP address as the key to persistence. For example, SonicWALL
security appliances can load balance multiple SonicWALL SSL VPN appliances, while still
maintaining session persistence by always balancing clients to the correct destination SSL
VPN. The following figure shows a sample topology and configuration.
To configure One-to-Many NAT load balancing, first go to the Firewall > Access Rules page
and choose the policy for WAN to LAN. Click the Add… button to open the access policy
pop-up, then enter the following values:
• Action: Allow
• Service: HTTPS
• Source: Any
• Destination: WAN Primary IP
• Users Allowed: All
• Schedule: Always on
• Comment: Descriptive text, such as SSLVPN LB
• Logging: Checked
• Allow Fragmented Packets: Unchecked
Next, create the following NAT policy by selecting Network > NAT Policies and clicking on the
Add... button:
• Original Source: Any
• Translated Source: Original
• Original Destination: WAN Primary IP
[Figure: sample topology, "Gateway SonicWALL Configuration"]
• Internet hosts: 204.20.30.40, 66.1.2.3, 217.8.9.10
• X0 (LAN): 192.168.168.168/24; LAN (192.168.168.0/24) with Server 1 (192.168.168.10), Server 2 (192.168.168.20), Server 3 (192.168.168.30)
• X1 (WAN): 10.0.0.2/16 (Gateway 10.0.0.1)
• X2 (SSL VPN): 192.168.200.1/24; SSL VPN (192.168.200.0/24) with appliances 192.168.200.10, 192.168.200.20, 192.168.200.30
• SSL VPN AO Group “mySSLVPN”: 192.168.200.10 host, 192.168.200.20 host, 192.168.200.30 host
• Access Rule: WAN -> LAN Allow Any to Primary WAN IP : HTTPS
• NAT Policy: OrigSrc: Any; TransSrc: Orig; OrigDst: WAN Primary IP; TransDst: “mySSLVPN”; Service: HTTPS
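The following Python model is an added example, not SonicOS code or part of the guide. It applies the figure's access rule and NAT policy to sample flows to show what persistence keyed on the original source IP means. The function names are hypothetical, and the SHA-256 selection is an assumption standing in for the appliance's internal method, which this page does not describe.

```python
import hashlib
import ipaddress

# Values from the figure on this page.
WAN_PRIMARY_IP = "10.0.0.2"                     # X1 (WAN)
MY_SSLVPN = ["192.168.200.10", "192.168.200.20", "192.168.200.30"]
HTTPS_PORT = 443

def access_rule_allows(dst_ip, dst_port):
    """WAN -> LAN access rule: Allow Any to WAN Primary IP, service HTTPS."""
    return dst_ip == WAN_PRIMARY_IP and dst_port == HTTPS_PORT

def pick_translated_dst(src_ip, group=MY_SSLVPN):
    """Choose a group member using only the original source IP as the key.

    Assumption: a SHA-256 hash of the address stands in for the appliance's
    internal selection method, which this page does not describe.
    """
    key = ipaddress.ip_address(src_ip).packed
    index = int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % len(group)
    return group[index]

def translate(src_ip, src_port, dst_ip, dst_port):
    """Apply the access rule, then the NAT policy; None means dropped."""
    if not access_rule_allows(dst_ip, dst_port):
        return None
    # Translated Source: Original, so the appliance sees the real client IP.
    return (src_ip, src_port, pick_translated_dst(src_ip), dst_port)

def distribution(clients):
    """Count how many distinct client IPs land on each group member."""
    counts = {member: 0 for member in MY_SSLVPN}
    for ip in set(clients):
        counts[pick_translated_dst(ip)] += 1
    return counts

if __name__ == "__main__":
    # Constructed sample flows using the Internet hosts from the figure.
    for src, sport in [("204.20.30.40", 50001), ("204.20.30.40", 50002),
                       ("66.1.2.3", 41000), ("217.8.9.10", 33333)]:
        print(src, sport, "->", translate(src, sport, WAN_PRIMARY_IP, 443))
    print("port 80:", translate("66.1.2.3", 41001, WAN_PRIMARY_IP, 80))
```

Because the key is the source address alone, every client that arrives from one shared public address is sent to the same appliance, so per-appliance load follows the spread of source addresses rather than the number of sessions.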