Filter
Top Products
245
SonicOS Enhanced 4.0 Administrator Guide
CHAPTER 21
Chapter 21: Configuring NAT Policies
Network > NAT Policies
• “NAT Policies Table” on page 246
• “NAT Policy Settings Explained” on page 248
• “NAT Policies Q&A” on page 249
The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define
granular NAT polices for their incoming and outgoing traffic. By default, the SonicWALL security
appliance has a preconfigured NAT policy to allow all systems connected to the LAN interface
to perform
many-to-one NAT using the IP address of the WAN interface, and a policy to not perform NAT
when traffic crosses between the other interfaces. This chapter explains how to set up the most
common NAT policies.
Understanding how to use NAT policies starts with an the construction of an IP packet. Every
packet contains addressing information that allows the packet to get to its destination, and for
the destination to respond to the original requester. The packet contains (among other things)
the requester’s IP address, the protocol information of the requestor, and the destination’s IP
address. The NAT Policies engine in SonicOS Enhanced can inspect the relevant portions of
the packet and can dynamically rewrite the information in specified fields for incoming, as well
as outgoing traffic.
You can add up to 512 NAT Policies on a SonicWALL security appliance running SonicOS
Enhanced, and they can be as granular as you need. It’s also possible to create multiple NAT
policies for the same object – for instance, you can specify that an internal server use one IP
address when accessing Telnet servers, and to use a totally different IP address for all other
protocols. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding, it
is possible to hide multiple internal servers off the WAN IP address of the SonicWALL security
appliance. The more granular the NAT Policy, the more precedence it takes.