SonicWALL 2.5 User Manual

SonicWALL SonicOS Enhanced 2.5 Administrator's Guide
Chapter 15: Configuring NAT Policies
Network > NAT Policies
The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular
NAT policies for their incoming and outgoing traffic. By default, the SonicWALL security appliance has
a preconfigured NAT policy that allows all systems connected to the X0 (LAN) interface to perform
many-to-one NAT using the IP address of the X1 (WAN) interface, and a policy to not perform NAT
when traffic crosses between the other interfaces. This chapter explains how to set up the most
common NAT policies.

Understanding how to use NAT policies starts with the construction of an IP packet. Every packet
contains addressing information that allows the packet to get to its destination, and for the destination
to respond to the original requester. The packet contains (among other things) the requester's IP
address, the protocol information of the requester, and the destination's IP address. The NAT Policies
engine in SonicOS Enhanced can inspect the relevant portions of the packet and can dynamically
rewrite the information in specified fields for incoming as well as outgoing traffic.

You can add up to 512 NAT Policies on a SonicWALL security appliance running SonicOS Enhanced,
and they can be as granular as you need. It's also possible to create multiple NAT policies for the
same object. For instance, you can specify that an internal server use one IP address when
accessing Telnet servers and a totally different IP address for all other protocols. Because the
NAT engine in SonicOS Enhanced supports inbound port forwarding, it is possible to hide multiple
internal servers behind the WAN IP address of the SonicWALL security appliance. The more granular the
NAT Policy, the more precedence it takes.
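
The precedence rule and the Telnet example above, modelled in Python as an added illustration (this is not SonicOS code and not part of the original guide). The addresses, policy names and the specificity scoring are assumptions; the guide does not define how granularity is measured.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatPolicy:
    name: str                       # hypothetical label, not a SonicOS identifier
    orig_src: Optional[str]         # CIDR, or None for "Any"
    orig_dst: Optional[str]         # CIDR, or None for "Any"
    service: Optional[int]          # destination port, or None for "Any"
    xlat_src: Optional[str] = None  # None keeps the original source
    xlat_dst: Optional[str] = None  # None keeps the original destination

    def matches(self, src, dst, port):
        def in_net(ip, cidr):
            return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
        return (in_net(src, self.orig_src) and in_net(dst, self.orig_dst)
                and self.service in (None, port))

    def specificity(self):
        # ASSUMPTION: "granular" = more non-wildcard fields, then longer prefixes.
        nets = [n for n in (self.orig_src, self.orig_dst) if n is not None]
        prefix_bits = sum(ipaddress.ip_network(n).prefixlen for n in nets)
        return (len(nets) + (self.service is not None), prefix_bits)

# Constructed policy table: RFC 1918 LAN, documentation ranges for public addresses.
POLICIES = [
    NatPolicy("lan-many-to-one", "192.168.1.0/24", None, None, xlat_src="203.0.113.1"),
    NatPolicy("server-telnet", "192.168.1.10/32", None, 23, xlat_src="203.0.113.20"),
    NatPolicy("server-other", "192.168.1.10/32", None, None, xlat_src="203.0.113.21"),
    NatPolicy("inbound-web", None, "203.0.113.1/32", 80, xlat_dst="192.168.1.10"),
    NatPolicy("inbound-mail", None, "203.0.113.1/32", 25, xlat_dst="192.168.1.11"),
]

def translate(src, dst, port, policies=POLICIES):
    """Return (policy name or None, translated src, translated dst, port)."""
    hits = [p for p in policies if p.matches(src, dst, port)]
    if not hits:
        return (None, src, dst, port)  # no policy matched: packet is not rewritten
    best = max(hits, key=NatPolicy.specificity)
    return (best.name, best.xlat_src or src, best.xlat_dst or dst, port)

def inbound_forwards(policies=POLICIES):
    """List (public address, port, internal host) exposed by destination NAT."""
    return [(p.orig_dst, p.service, p.xlat_dst) for p in policies if p.xlat_dst]
```

Running `inbound_forwards()` over an exported policy table gives a quick inventory of which internal hosts are reachable through the WAN address, which is worth reviewing alongside the matching access rules.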