Network > NAT Policies
SonicOS 5.8.1 Administrator Guide
• Translated Destination: Select Create new address object... to bring up the Add Address Object screen.
  – Name: A descriptive name, such as mySSLVPN
  – Zone assignment: LAN
  – Type: Host
  – IP Address: The IP addresses for the devices to be load balanced (in the topology shown above, these are 192.168.200.10, 192.168.200.20, and 192.168.200.30).
• Original Service: HTTPS
• Translated Service: HTTPS
• Inbound Interface: Any
• Outbound Interface: Any
• Comment: Descriptive text, such as SSLVPN LB
• Enable NAT Policy: Checked
• Create a reflective policy: Unchecked
Inbound Port Address Translation via One-to-One NAT Policy
This type of NAT policy is useful when you want to conceal an internal server’s real listening
port, but provide public access to the server on a different port. In the example below, you
modify the NAT policy and rule created in the previous section to allow public users to connect
to the private Web server on its public IP address, but via a different port (TCP 9000), instead
of the standard HTTP port (TCP 80).
Step 1 Create a custom service for the different port. Go to the Firewall > Custom Services page and
select the Add button. When the pop-up screen appears, give your custom service a name such
as webserver_public_port, enter 9000 as both the starting and ending port, and choose TCP(6)
as the protocol. When done, click the OK button to save the custom service.
Step 2 Modify the NAT policy created in the previous section that allowed any public user to connect
to the Web server on its public IP address. Go to the Network > NAT Policies menu and click
on the Edit button next to this NAT policy. The Edit NAT Policy window is displayed for editing
the policy. Edit the NAT policy so that it includes the following from the drop-down menus:
• Original Source: Any
• Translated Source: Original
• Original Destination: webserver_public_ip
• Translated Destination: webserver_private_ip
• Original Service: webserver_public_port (or whatever you named it above)
• Translated Service: HTTP
• Inbound Interface: X1
• Outbound Interface: Any
• Comment: Enter a short description
• Enable NAT Policy: Checked
• Create a reflective policy: Unchecked
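
The following added example (not part of the SonicOS guide, and not SonicOS code) is a simplified Python model of how the Step 2 policy fields combine: a packet is matched on inbound interface, original source, original destination and original service, then rewritten to the translated values. The two IP addresses are constructed stand-ins for the webserver_public_ip and webserver_private_ip address objects, the class and function names are hypothetical, and Outbound Interface (Any) is not modelled.

```python
# Simplified model of the Step 2 policy; both IP addresses are constructed.
from dataclasses import dataclass, replace
from typing import Optional

ADDRESSES = {"webserver_public_ip": "203.0.113.10",    # constructed value
             "webserver_private_ip": "192.168.1.100"}  # constructed value
SERVICES = {"webserver_public_port": ("tcp", 9000),    # custom service from Step 1
            "HTTP": ("tcp", 80)}

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int

@dataclass(frozen=True)
class NatPolicy:
    original_source: str
    translated_source: str
    original_destination: str
    translated_destination: str
    original_service: str
    translated_service: str
    inbound_interface: str

    def translate(self, pkt: Packet) -> Optional[Packet]:
        """Return the rewritten packet, or None if this policy does not match."""
        if self.inbound_interface not in ("Any", pkt.in_iface):
            return None
        if self.original_source != "Any" and pkt.src_ip != ADDRESSES[self.original_source]:
            return None
        if pkt.dst_ip != ADDRESSES[self.original_destination]:
            return None
        if (pkt.proto, pkt.dst_port) != SERVICES[self.original_service]:
            return None
        # "Original" leaves the source address untouched.
        src = (pkt.src_ip if self.translated_source == "Original"
               else ADDRESSES[self.translated_source])
        _, port = SERVICES[self.translated_service]
        return replace(pkt, src_ip=src, dst_port=port,
                       dst_ip=ADDRESSES[self.translated_destination])

POLICY = NatPolicy(
    original_source="Any", translated_source="Original",
    original_destination="webserver_public_ip", translated_destination="webserver_private_ip",
    original_service="webserver_public_port", translated_service="HTTP",
    inbound_interface="X1")
```

In this model a packet arriving on X1 for the public address on TCP 9000 is rewritten to the private address on TCP 80 with its source unchanged, while a packet for the public address on TCP 80 matches nothing in this policy. The model covers NAT matching only, not firewall access rules.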