Network > NAT Policies
SonicOS Enhanced 4.0 Administrator Guide
Note: Make sure you choose Any as the destination interface, and not the interface that the
server is on. This may seem counter-intuitive, but it is the correct setting (if you try to
specify the interface, you get an error).
Step 3: When finished, click the OK button to add and activate the NAT Policy. With this policy in
place, the SonicWALL security appliance translates the server’s public IP address to the private
IP address when connection requests arrive from the WAN interface, and translates the
requested port (TCP 9000) to the server’s actual listening port (TCP 80).
Finally, you’re going to modify the firewall access rule created in the previous section to allow
any public user to connect to the webserver on the new port (TCP 9000) instead of the server’s
actual listening port (TCP 80).
Note: With previous versions of firmware, it was necessary to write rules to the private IP address.
This has been changed as of SonicOS Enhanced. If you write a rule to the private IP
address, the rule does not work.
Go to the Firewall > Access Rules section and choose the policy for the WAN to Sales zone
intersection (or whatever zone you put your server in). Click the Configure button to bring
up the previously created policy. When the pop-up appears, enter the following values:
• Action: Allow
• Service: webserver_public_port (or whatever you named it above)
• Source: Any
• Destination: webserver_public_ip
• Users Allowed: All
• Schedule: Always on
• Logging: checked
• Comment: (enter a short description)
When you’re done, attempt to access the webserver’s public IP address on the new custom port
from a system located on the public Internet (example: http://67.115.118.70:9000). You
should be able to connect successfully. If not, review this section and the section before it, and
ensure that you have entered all required settings correctly.
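The following is an added example, not part of the original guide and not SonicWALL code: a small offline model of the inbound path described above, showing why the access rule has to name the public IP and TCP 9000 and how to flag rules still written to the private address. The private IP 192.168.1.100, the class names and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PUBLIC_IP = "67.115.118.70"    # public IP from the example URL above
PRIVATE_IP = "192.168.1.100"   # assumed placeholder for the server's private IP

@dataclass(frozen=True)
class AccessRule:
    """WAN -> server-zone allow rule: destination address and service port."""
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class NatPolicy:
    """Inbound policy: original destination/service -> translated."""
    orig_ip: str
    orig_port: int
    xlat_ip: str
    xlat_port: int

def deliver(dst_ip: str, dst_port: int, rules: List[AccessRule],
            nats: List[NatPolicy]) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) an inbound packet reaches, or None if dropped."""
    # Modelling assumption taken from the text: the access rule is compared
    # with the destination as it arrives from the WAN, before translation.
    if AccessRule(dst_ip, dst_port) not in rules:
        return None
    for nat in nats:
        if (nat.orig_ip, nat.orig_port) == (dst_ip, dst_port):
            return (nat.xlat_ip, nat.xlat_port)
    return None  # allowed, but no NAT policy maps it to an internal host

def rules_on_translated_address(rules: List[AccessRule],
                                nats: List[NatPolicy]) -> List[AccessRule]:
    """Audit helper: rules written to a private (translated) address."""
    translated = {nat.xlat_ip for nat in nats}
    return [rule for rule in rules if rule.dst_ip in translated]

NAT = [NatPolicy(PUBLIC_IP, 9000, PRIVATE_IP, 80)]
GOOD_RULES = [AccessRule(PUBLIC_IP, 9000)]   # written as the steps above say
OLD_RULES = [AccessRule(PRIVATE_IP, 80)]     # style needed by previous firmware

if __name__ == "__main__":
    print("rule on public IP, TCP 9000:", deliver(PUBLIC_IP, 9000, GOOD_RULES, NAT))
    print("rule on private IP, TCP 80:", deliver(PUBLIC_IP, 9000, OLD_RULES, NAT))
    print("rules to rewrite:", rules_on_translated_address(OLD_RULES, NAT))
```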
Inbound Port Address Translation via WAN IP Address
This is one of the more complex NAT policies you can create on a SonicWALL security
appliance running SonicOS Enhanced – it allows you to use the WAN IP address of the
SonicWALL security appliance to provide access to multiple internal servers. This is most
useful in situations where your ISP has only provided a single public IP address, and that IP
address has to be used by the SonicWALL security appliance’s WAN interface.
Below, you create the configuration to provide public access to two internal webservers via the
SonicWALL security appliance’s WAN IP address; each is tied to a unique custom port. In the
following examples, you set up two servers, but it’s possible to create more as long as the
ports are all unique.
In this section, we have five tasks to complete:
1. Create two custom service objects for the unique public ports the servers respond on.
2. Create two address objects for the servers’ private IP addresses.