Creating a NAT Policy
The Network Address Translation (NAT) engine in SonicOS
allows users to define granular NAT policies for their incoming
and outgoing traffic. By default, the Dell SonicWALL appliance
has a preconfigured NAT policy to allow all systems connected
to the LAN interface to perform Many-to-One NAT using the IP
address of the WAN interface, and a policy to not perform NAT
when traffic crosses between the other interfaces.
You can create multiple NAT policies on a Dell SonicWALL
appliance running SonicOS for the same object. For instance, you
can specify that an internal server use one public IP address when
accessing Telnet servers and a completely different IP address for
all other protocols. Because the NAT engine in SonicOS supports
inbound port forwarding, it is possible to publish multiple
internal servers behind the single WAN IP address of the Dell
SonicWALL appliance, with each inbound service translated to a
different internal host. The more granular a NAT policy is, the
higher its precedence: when several policies match the same
traffic, the most specific one is applied.
Before configuring NAT Policies, you must create all Address
Objects associated with the policy. For instance, if you are
creating a One-to-One NAT policy, first create Address Objects
for your public and private IP addresses.
Address Objects are one of four object classes (Address, User,
Service and Schedule) in SonicOS. These Address Objects
allow for entities to be defined one time, and to be re-used in
multiple referential instances throughout the SonicOS interface.
For example, take an internal Web server with an IP address of
67.115.118.80. Rather than repeatedly typing in the IP address
when constructing Access Rules or NAT Policies, Address
Objects allow you to create a single entity called “My Web
Server” as a Host Address Object with an IP address of
67.115.118.80. This Address Object, “My Web Server”, can then
be easily and efficiently selected from a drop-down menu in any
configuration screen that employs Address Objects as a
defining criterion.
Since there are multiple ways to express a network address, SonicOS
currently provides the following Address Object types:
• Host—Host Address Objects define a single host by its IP
address.
• Range—Range Address Objects define a range of
contiguous IP addresses.
• Network—Network Address Objects are like Range objects in
that they comprise multiple hosts, but rather than being bound
by specified upper and lower range delimiters, the boundaries
are defined by a valid netmask.
• MAC Address—MAC Address Objects allow for the
identification of a host by its hardware address or MAC (Media
Access Control) address.
• FQDN Address—FQDN Address Objects allow for the
identification of a host by its Fully Qualified Domain Name
(FQDN), such as www.sonicwall.com.
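The following model ties the two ideas on this page together: it implements the Host, Range and Network Address Object types as reusable objects, builds the default "Many-to-One" and "no NAT" policies plus the per-server Telnet override and the inbound port forwards described above, and resolves overlapping matches by granularity. It is an added example written for this page, not SonicOS code; the address objects, policy names, the IP addresses (RFC 1918 and RFC 5737 ranges) and the granularity score (fewest covered addresses wins, specific service ahead of "any") are this example's own assumptions, not a documented SonicOS algorithm. MAC and FQDN objects are left out because matching them needs a neighbour table or DNS lookups rather than address arithmetic.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple, Union

Service = Union[str, Tuple[str, int]]   # "any" or (protocol, port), e.g. ("tcp", 23)


class Host:
    """Host Address Object: a single IP address."""
    size = 1

    def __init__(self, name: str, ip: str):
        self.name, self.ip = name, ipaddress.ip_address(ip)

    def contains(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) == self.ip


class Range:
    """Range Address Object: contiguous addresses between two inclusive bounds."""
    def __init__(self, name: str, first: str, last: str):
        self.name = name
        self.first, self.last = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if self.last < self.first:
            raise ValueError(f"{name}: upper bound {last} is below lower bound {first}")

    def contains(self, ip: str) -> bool:
        return self.first <= ipaddress.ip_address(ip) <= self.last

    @property
    def size(self) -> int:
        return int(self.last) - int(self.first) + 1


class Network:
    """Network Address Object: addresses bounded by a netmask (CIDR notation here)."""
    def __init__(self, name: str, cidr: str):
        self.name, self.net = name, ipaddress.ip_network(cidr, strict=False)

    def contains(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.net

    @property
    def size(self) -> int:
        return self.net.num_addresses


ANY_ADDR = Network("Any", "0.0.0.0/0")


@dataclass
class NatPolicy:
    name: str
    orig_src: object
    orig_dst: object
    service: Service
    trans_src: Optional[Host]   # None means "Original": source left untouched
    trans_dst: Optional[Host]   # None means "Original": destination left untouched

    def matches(self, src: str, dst: str, service: Service) -> bool:
        return (self.orig_src.contains(src) and self.orig_dst.contains(dst)
                and self.service in ("any", service))

    def granularity(self) -> Tuple[int, int]:
        # Assumption of this example: a policy is more granular when its original
        # source/destination objects cover fewer addresses, and a specific service
        # ranks ahead of "any". Lower sorts first.
        return (self.orig_src.size * self.orig_dst.size, 0 if self.service != "any" else 1)


def apply_nat(policies, src: str, dst: str, service: Service):
    """Return (policy name, translated src, translated dst) for one flow, or None."""
    hits = [p for p in policies if p.matches(src, dst, service)]
    if not hits:
        return None
    best = min(hits, key=NatPolicy.granularity)   # most granular matching policy wins
    return (best.name,
            str(best.trans_src.ip) if best.trans_src else src,
            str(best.trans_dst.ip) if best.trans_dst else dst)


# Constructed sample objects for this example; the addresses are not from the page.
LAN_SUBNET  = Network("LAN Subnet", "192.168.168.0/24")
WAN_IP      = Host("WAN Primary IP", "203.0.113.1")
ALT_PUBLIC  = Host("Telnet Source IP", "203.0.113.5")
APP_SERVER  = Host("App Server", "192.168.168.10")
WEB_SERVER  = Host("My Web Server", "192.168.168.80")
MAIL_SERVER = Host("Mail Server", "192.168.168.25")

POLICIES = [
    # Default catch-all: no translation between interfaces.
    NatPolicy("No NAT", ANY_ADDR, ANY_ADDR, "any", None, None),
    # Default Many-to-One: all LAN systems leave as the WAN interface address.
    NatPolicy("LAN Many-to-One", LAN_SUBNET, ANY_ADDR, "any", WAN_IP, None),
    # Same object, second policy: the app server uses another public IP for Telnet only.
    NatPolicy("App Server Telnet", APP_SERVER, ANY_ADDR, ("tcp", 23), ALT_PUBLIC, None),
    # Inbound port forwarding: two internal servers behind one WAN IP.
    NatPolicy("Inbound HTTP", ANY_ADDR, WAN_IP, ("tcp", 80), None, WEB_SERVER),
    NatPolicy("Inbound SMTP", ANY_ADDR, WAN_IP, ("tcp", 25), None, MAIL_SERVER),
]

if __name__ == "__main__":
    for flow in [("192.168.168.10", "198.51.100.7", ("tcp", 23)),   # Telnet override wins
                 ("192.168.168.10", "198.51.100.7", ("tcp", 80)),   # falls back to Many-to-One
                 ("198.51.100.7", "203.0.113.1", ("tcp", 80)),      # forwarded to the web server
                 ("198.51.100.7", "203.0.113.1", ("tcp", 443))]:    # no forward: stays at WAN IP
        print(flow, "->", apply_nat(POLICIES, *flow))
```

The last flow is the check worth keeping in mind: an inbound connection to a port that has no forwarding policy matches only the catch-all, so its destination is left at the WAN IP and no internal host is reached, which is the behaviour a port-forwarding setup should preserve for everything it does not explicitly publish.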