Network > NAT Policies
SonicOS Enhanced 4.0 Administrator Guide
to translate all LAN systems to the WAN IP address, then create a policy saying that a specific
system on that LAN uses a different IP address, and additionally, create a policy saying that the
specific system uses another IP address when using HTTP.
Can I have multiple NAT policies for the same objects?
Yes – please read the section above.
What are the NAT ‘System Policies’?
On the Network > NAT Policies page, notice a radio button labeled System Policies. If you
choose this radio button, the NAT Policies page displays all of the default, auto-created NAT
policies for the SonicWALL security appliance. These policies are default settings that the
SonicWALL security appliance needs to operate properly, and they cannot be deleted. For this
reason, they are listed in their own section, which makes the user-created NAT policies easier
to browse. If you wish to see user-created NAT policies along with the default NAT policies,
simply select the radio button next to ‘All Policies’.
Can I write NAT policies for VPN traffic?
Yes, this is possible if both sides of the VPN tunnel are SonicWALL security appliances running
SonicOS Enhanced firmware. Please refer to the technote SonicOS Enhanced NAT VPN
Overlap for instructions on how to perform NAT on traffic entering and exiting VPN tunnels.
Available at
Why do I have to write two policies for 1-2-1 traffic?
With the new NAT engine, it’s necessary to write two policies – one to allow incoming requests
to the destination public IP address to reach the destination private IP address (uninitiated
inbound), and one to allow the source private IP address to be remapped to the source public
IP address (initiated outbound). It takes a bit more work, but it’s a lot more flexible.
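The two-policy requirement can be checked with a small model. The following is an added example, not SonicWALL code or configuration: the NatPolicy structure, the first-match-in-list-order evaluation, the policy names and all addresses (documentation ranges) are assumptions made for illustration. It shows what happens to traffic when one half of a 1-2-1 pair is missing, and audits a policy list for unpaired mappings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"  # stands in for an "Any" address object

@dataclass(frozen=True)
class NatPolicy:  # hypothetical, simplified policy record
    name: str
    orig_src: str                     # network matched against the packet source
    orig_dst: str                     # network matched against the packet destination
    trans_src: Optional[str] = None   # None = leave the source untranslated
    trans_dst: Optional[str] = None   # None = leave the destination untranslated

def translate(policies, src, dst):
    """Apply the first matching policy (assumption: list order = priority)."""
    for p in policies:
        if (ip_address(src) in ip_network(p.orig_src)
                and ip_address(dst) in ip_network(p.orig_dst)):
            return p.name, p.trans_src or src, p.trans_dst or dst
    return None, src, dst  # no policy matched, packet is not translated

def unpaired_one_to_one(policies):
    """Return (public, private) mappings that have only one of the two policies."""
    inbound = {(str(ip_network(p.orig_dst).network_address), p.trans_dst)
               for p in policies if p.trans_dst}
    outbound = {(p.trans_src, str(ip_network(p.orig_src).network_address))
                for p in policies
                if p.trans_src and ip_network(p.orig_src).prefixlen == 32}
    return sorted(inbound ^ outbound)

# Constructed sample policies: a 1-2-1 pair for one server plus LAN many-to-one.
WEB_IN = NatPolicy("web-in", ANY, "203.0.113.10/32", trans_dst="192.168.1.10")
WEB_OUT = NatPolicy("web-out", "192.168.1.10/32", ANY, trans_src="203.0.113.10")
LAN_OUT = NatPolicy("lan-many-to-one", "192.168.1.0/24", ANY, trans_src="203.0.113.1")
FULL = [WEB_IN, WEB_OUT, LAN_OUT]

if __name__ == "__main__":
    # Uninitiated inbound: destination public IP is remapped to the private IP.
    print(translate(FULL, "198.51.100.7", "203.0.113.10"))
    # Initiated outbound: source private IP is remapped to its own public IP.
    print(translate(FULL, "192.168.1.10", "198.51.100.7"))
    # Outbound policy missing: the server falls through to the shared WAN IP.
    print(translate([WEB_IN, LAN_OUT], "192.168.1.10", "198.51.100.7"))
    # Audit: report the mapping that lacks its counterpart policy.
    print(unpaired_one_to_one([WEB_IN, LAN_OUT]))
```

A server whose outbound policy is missing still reaches the Internet, but from the shared address, which is easy to miss in testing and shows up later in address-based allow lists and log correlation.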
NAT Load Balancing Overview
This section provides an introduction to the NAT Load Balancing feature. It contains the
following subsections:
• “NAT LB Mechanisms” on page 251
• “Which NAT LB Method Should I Use?” on page 252
• “Caveats” on page 252
• “Details of Load Balancing Algorithms” on page 253
Network Address Translation (NAT) & Load Balancing (LB) provides the ability to balance
incoming traffic across multiple, similar network resources. Do not confuse this with the WAN
ISP & LB feature on the SonicWALL appliance. While both features can be used in conjunction,
WAN ISP & LB is used to balance outgoing traffic across two ISP connections, and NAT LB is
primarily used to balance incoming traffic.
Load Balancing distributes traffic among similar network resources so that no single server
becomes overwhelmed, allowing for reliability and redundancy. If one server becomes
unavailable, traffic is routed to available resources, providing maximum uptime.