SonicWALL TZ 190 Manuale Utente
Network > NAT Policies
250
SonicOS Enhanced 4.0 Administrator Guide
to translate all LAN systems to the WAN IP Address, then create a policy saying that a specific
system on that LAN use a different IP address, and additionally, create a policy saying that
specific use another IP address when using HTTP.
system on that LAN use a different IP address, and additionally, create a policy saying that
specific use another IP address when using HTTP.
Can I have multiple NAT policies for the same objects?
Yes – please read the section above.
What are the NAT ‘System Polices’?
On the Network > NAT Policies page, notice a radio button labeled System Polices. If you
choose this radio button, the NAT Polices page displays all of the default, auto-created NAT
policies for the SonicWALL security appliance. These policies are default settings for the
SonicWALL security appliance to operate properly, and cannot be deleted. For this reason, they
are listed in their own section, in order to make the user-created NAT policies easier to browse.
If you wish to see user-created NAT policies along with the default NAT policies, simply check
the radio button next to ‘All Policies’.
choose this radio button, the NAT Polices page displays all of the default, auto-created NAT
policies for the SonicWALL security appliance. These policies are default settings for the
SonicWALL security appliance to operate properly, and cannot be deleted. For this reason, they
are listed in their own section, in order to make the user-created NAT policies easier to browse.
If you wish to see user-created NAT policies along with the default NAT policies, simply check
the radio button next to ‘All Policies’.
Can I write NAT policies for VPN traffic?
Yes, this is possible if both sides of the VPN tunnel are SonicWALL security policies running
SonicOS Enhanced firmware. Please refer to the technote SonicOS Enhanced NAT VPN
Overlap for instructions on how to perform NAT on traffic entering and exiting VPN tunnels.
Available at
SonicOS Enhanced firmware. Please refer to the technote SonicOS Enhanced NAT VPN
Overlap for instructions on how to perform NAT on traffic entering and exiting VPN tunnels.
Available at
.
Why do I have to write two policies for 1-2-1 traffic?
With the new NAT engine, it’s necessary to write two policies – one to allow incoming requests
to the destination public IP address to reach the destination private IP address (uninitiated
inbound), and one to allow the source private IP address to be remapped to the source public
IP address (initiated outbound). It takes a bit more work, but it’s a lot more flexible.
to the destination public IP address to reach the destination private IP address (uninitiated
inbound), and one to allow the source private IP address to be remapped to the source public
IP address (initiated outbound). It takes a bit more work, but it’s a lot more flexible.
NAT Load Balancing Overview
This section provides an introduction to the NAT Load Balancing feature. It contains the
following subsections:
following subsections:
•
•
•
•
Network Address Translation (NAT) & Load Balancing (LB) provides the ability to balance
incoming traffic across multiple, similar network resources. Do not confuse this with the WAN
ISP & LB feature on the SonicWALL appliance. While both features can be used in conjunction,
WAN ISP & LB is used to balance outgoing traffic across two ISP connections, and NAT LB is
primarily used to balance incoming traffic.
incoming traffic across multiple, similar network resources. Do not confuse this with the WAN
ISP & LB feature on the SonicWALL appliance. While both features can be used in conjunction,
WAN ISP & LB is used to balance outgoing traffic across two ISP connections, and NAT LB is
primarily used to balance incoming traffic.
Load Balancing distributes traffic among similar network resources so that no single server
becomes overwhelmed, allowing for reliability and redundancy. If one server becomes
unavailable, traffic is routed to available resources, providing maximum uptime.
becomes overwhelmed, allowing for reliability and redundancy. If one server becomes
unavailable, traffic is routed to available resources, providing maximum uptime.