Creating A Nat Policy - SonicWALL NSA 240 Getting Started Manual

Creating a NAT Policy

The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. By default, the SonicWALL security appliance has a preconfigured NAT policy to perform Many-to-One NAT between the systems on the LAN and the IP address of the WAN interface. The appliance does not perform NAT by default when traffic crosses between the other interfaces.

You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object – for instance, you can specify that an internal server uses one IP address when accessing Telnet servers, and uses a different IP address for all other protocols. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding, it is possible to access multiple internal servers from the WAN IP address of the SonicWALL security appliance. The more granular the NAT Policy, the more precedence it takes.

Before configuring NAT Policies, you must create all Address Objects that will be referenced by the policy. For instance, if you are creating a One-to-One NAT policy, first create Address Objects for your public and private IP addresses.

Address Objects are one of four object classes (Address, User, Service, and Schedule) in SonicOS Enhanced. Once you define an Address Object, it becomes available for use wherever applicable throughout the SonicOS management interface. For example, consider an internal Web server with an IP address of 67.115.118.80. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, you can create an Address Object to store the Web server's IP address. This Address Object, "My Web Server," can then be used in any configuration screen that employs Address Objects as a defining criterion.

Because there are multiple types of network address expressions, there are currently the following Address Object types:

- Host – Host Address Objects define a single host by its IP address.
- Range – Range Address Objects define a range of contiguous IP addresses.
- Network – Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid netmask.
- MAC Address – MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address.
- FQDN Address – FQDN Address Objects allow for the identification of a host by its Fully Qualified Domain Name (FQDN), such as www.sonicwall.com.

SonicOS Enhanced provides a number of default Address Objects that cannot be modified or deleted. You can use the default Address Objects when creating a NAT policy, or you can create custom Address Objects to use. All Address Objects are available in the drop-down lists when creating a NAT policy.
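
The following added example (not SonicOS code and not taken from the manual) models Host, Range and Network Address Objects and the Telnet case described above, where a more granular NAT policy takes precedence over a broader one. The class names, the granularity ordering (named service before Any, then smaller source object) and all addresses are assumptions chosen for illustration; they are useful for reviewing which policy a given flow would hit before you build it in the management interface.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # wildcard standing in for an "Any" service selection

@dataclass(frozen=True)
class AddressObject:
    name: str
    kind: str     # "host", "range" or "network"
    value: tuple  # host: (ip,)  range: (first, last)  network: (cidr,)
    def bounds(self):
        if self.kind == "network":
            net = ipaddress.ip_network(self.value[0])
            return int(net.network_address), int(net.broadcast_address)
        ends = (self.value[0], self.value[-1])  # a host is a one-address range
        return tuple(int(ipaddress.ip_address(v)) for v in ends)
    def contains(self, ip):
        lo, hi = self.bounds()
        return lo <= int(ipaddress.ip_address(ip)) <= hi
    def size(self):
        lo, hi = self.bounds()
        return hi - lo + 1

@dataclass(frozen=True)
class NatPolicy:
    name: str
    source: AddressObject   # original source
    service: object         # destination port, or ANY
    translated_source: str  # source address after translation
    def matches(self, src_ip, dst_port):
        return self.source.contains(src_ip) and self.service in (ANY, dst_port)
    def granularity(self):
        # Assumed ordering: a named service beats ANY, then the smaller
        # source object wins. A lower tuple means a more granular policy.
        return (self.service is ANY, self.source.size())

def select_policy(policies, src_ip, dst_port):
    """Return the most granular matching policy, or None if nothing matches."""
    candidates = [p for p in policies if p.matches(src_ip, dst_port)]
    return min(candidates, key=NatPolicy.granularity, default=None)

# Constructed sample objects and policies (hypothetical, not from the manual).
SERVER = AddressObject("My Server", "host", ("192.168.168.10",))
LAN = AddressObject("LAN Subnet", "network", ("192.168.168.0/24",))
POOL = AddressObject("Lab Range", "range", ("192.168.168.100", "192.168.168.120"))
POLICIES = [
    NatPolicy("LAN many-to-one", LAN, ANY, "203.0.113.1"),
    NatPolicy("Server default", SERVER, ANY, "203.0.113.10"),
    NatPolicy("Server Telnet", SERVER, 23, "203.0.113.11"),
]
```

Calling `select_policy(POLICIES, "192.168.168.10", 23)` returns the Telnet policy, while the same server on any other port falls through to its host-wide policy and every other LAN host to the many-to-one policy.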
SonicWALL NSA 240 Getting Started Guide
Page 51
