Network > NAT Policies
259
SonicOS Enhanced 4.0 Administrator Guide
–
IP Address: The network IP address for the devices to be load balanced (in the
topology shown in Figure 18.1, this is 192.168.200.1)
• Original Service: HTTPS
• Translated Service: HTTPS
• Inbound Interface: Any
• Outbound Interface: Any
• Comment: Descriptive text, such as SSLVPN LB
• Enable NAT Policy: Checked
• Create a reflective policy: Unchecked
Inbound Port Address Translation via One-to-One NAT Policy
This type of NAT policy is useful when you want to conceal an internal server’s real listening
port, but provide public access to the server on a different port. In the example below, you
modify the NAT policy and rule created in the previous section to allow public users to connect
to the private webserver on its public IP address, but via a different port (TCP 9000), instead
of the standard HTTP port (TCP 80).
Step 1 Create a custom service for the different port. Go to the Firewall > Custom Services page and
select the Add button. When the pop-up screen appears, give your custom service a name such
as webserver_public_port, enter in 9000 as the starting and ending port, and choose TCP(6)
as the protocol. When done, click on the OK button to save the custom service.
Step 2 Modify the NAT policy created in the previous section that allowed any public user to connect
to the webserver on its public IP address. Go to the Network > NAT Policies menu and click
on the Edit button next to this NAT policy. The Edit NAT Policy window is displayed for editing
the policy. Edit the NAT policy so that it includes the following from the drop-down menus:
• Original Source: Any
• Translated Source: Original
• Original Destination: webserver_public_ip
• Translated Destination: webserver_private_ip
• Original Service: webserver_public_port (or whatever you named it above)
• Translated Service: HTTP
• Inbound Interface: WAN
• Outbound Interface: Any
• Comment: Enter a short description
• Enable NAT Policy: Checked
• Create a reflective policy: Unchecked