SonicWALL 5.8.1 Microscope & Magnifier User Manual


Network > NAT Policies
SonicOS 5.8.1 Administrator Guide
Note Make sure you choose Any as the destination interface, and not the interface that the server
is on. This may seem counter-intuitive, but it is actually the correct thing to do (if you try to
specify the interface, you get an error).
Step 3 When finished, click on the OK button to add and activate the NAT Policy. With this policy in
place, the SonicWALL security appliance translates the server’s public IP address to the private
IP address when connection requests arrive from the WAN interface (by default, the X1
interface), and translates the requested protocol (TCP 9000) to the server’s actual listening port
(TCP 80).
Finally, you’re going to modify the firewall access rule created in the previous section to allow
any public user to connect to the Web server on the new port (TCP 9000) instead of the server’s
actual listening port (TCP 80).
Note With previous versions of the SonicOS firmware, it was necessary to write rules to the
private IP address. This has been changed as of SonicOS Enhanced. If you write a rule to
the private IP address, the rule does not work.
Go to the Firewall > Access Rules section and choose the policy for the WAN to Sales zone
intersection (or whatever zone you put your server in). Click on the Configure button to bring
up the previously created policy. When the pop-up appears, enter the following values:
Action: Allow
Service: server_public_port (or whatever you named it above)
Source: Any
Destination: webserver_public_ip
Users Allowed: All
Schedule: Always on
Logging: checked
Comment: (enter a short description)
When you’re done, attempt to access the Web server’s public IP address using a system
located on the public Internet on the new custom port (example: http://67.115.118.70:9000).
You should be able to successfully connect. If not, review this section, and the section before,
and ensure that you have entered in all required settings correctly.
Inbound Port Address Translation via WAN IP Address
This is one of the more complex NAT policies you can create on a SonicWALL security
appliance running SonicOS Enhanced – it allows you to use the WAN IP address of the
SonicWALL security appliance to provide access to multiple internal servers. This is most
useful in situations where your ISP has only provided a single public IP address, and that IP
address has to be used by the SonicWALL security appliance’s WAN interface (by default, the
X1 interface).
Below, you create the configuration to provide public access to two internal Web servers via
the SonicWALL security appliance’s WAN IP address; each is tied to a unique custom port. In
the following examples, you set up two, but it is possible to create more than these as long as
the ports are all unique.
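
The following Python sketch is an added illustration, not part of the SonicOS guide and not SonicOS code. It models the two constraints described above: every custom port on the WAN IP must be unique, and the access rule must be written to the public address and port rather than the private IP. The addresses, ports and names (PortForward, translate and so on) are constructed for the example.

```python
# Added illustration: a toy model of inbound port address translation, not SonicOS code.
from dataclasses import dataclass

WAN_IP = "203.0.113.10"  # constructed WAN address (documentation range)

@dataclass(frozen=True)
class PortForward:
    public_port: int    # custom port exposed on the WAN IP
    private_ip: str     # internal server address
    private_port: int   # port the server actually listens on

def duplicate_public_ports(policies):
    """Return the sorted public ports claimed by more than one policy."""
    seen, dupes = set(), set()
    for p in policies:
        (dupes if p.public_port in seen else seen).add(p.public_port)
    return sorted(dupes)

def rule_allows(rules, dst_ip, dst_port):
    """Access rules are matched on the public address and public port."""
    return (dst_ip, dst_port) in rules

def translate(policies, rules, dst_ip, dst_port):
    """Return (private_ip, private_port) for an allowed WAN request, else None."""
    if duplicate_public_ports(policies):
        raise ValueError("public ports must be unique")
    if not rule_allows(rules, dst_ip, dst_port):
        return None
    for p in policies:
        if dst_ip == WAN_IP and dst_port == p.public_port:
            return (p.private_ip, p.private_port)
    return None

# Constructed plan: two Web servers behind one WAN IP, each on its own custom port.
POLICIES = [
    PortForward(9100, "192.168.10.11", 80),
    PortForward(9200, "192.168.10.12", 80),
]
GOOD_RULES = {(WAN_IP, 9100), (WAN_IP, 9200)}  # written to the public IP and port
BAD_RULES = {("192.168.10.11", 80)}            # written to the private IP

if __name__ == "__main__":
    print(translate(POLICIES, GOOD_RULES, WAN_IP, 9100))
    print(translate(POLICIES, BAD_RULES, WAN_IP, 9100))
    print(duplicate_public_ports(POLICIES + [PortForward(9100, "192.168.10.13", 80)]))
```

Running a planned set of port forwards through a check like this before entering them catches a reused custom port, and shows that the servers' real listening port (TCP 80) is not reachable on the WAN IP unless a policy and rule expose it.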