SonicWALL TZ 190 Manuale Utente
Network > NAT Policies
256
SonicOS Enhanced 4.0 Administrator Guide
You can test the dynamic mapping by installing several systems on the LAN interface at a
spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and
192.168.10.200) and accessing the public website
spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and
192.168.10.200) and accessing the public website
system. Each system should display a different IP address from the range we created and
attached to the NAT policy.
attached to the NAT policy.
Creating a One-to-One NAT Policy for Outbound Traffic
One-to-One NAT for outbound traffic is another common NAT policy on a SonicWALL security
appliance for translating an internal IP address into a unique IP address. This is useful when
you need specific systems, such as servers, to use a specific IP address when they initiate
traffic to other destinations. Most of the time, a NAT policy such as this one-to-one NAT policy
for outbound traffic is used to map a server’s private IP address to a public IP address, and it’s
paired with a reflective (mirror) policy that allows any system from the public Internet to access
the server, along with a matching firewall access rule that permits this. Reflective NAT policies
are covered in the next section.
appliance for translating an internal IP address into a unique IP address. This is useful when
you need specific systems, such as servers, to use a specific IP address when they initiate
traffic to other destinations. Most of the time, a NAT policy such as this one-to-one NAT policy
for outbound traffic is used to map a server’s private IP address to a public IP address, and it’s
paired with a reflective (mirror) policy that allows any system from the public Internet to access
the server, along with a matching firewall access rule that permits this. Reflective NAT policies
are covered in the next section.
This policy is easy to set up and activate. Select Network > Address Objects and click on the
Add button at the bottom of the screen. In the Add Address Object window, enter a description
for server’s private IP address in the Name field. Choose Host from the Type menu, enter the
server’s private IP address in the IP Address field, and select the zone that the server assigned
from the Zone Assignment menu. Click OK. Then, create another object in the Add Address
Object window for the server’s public IP address and with the correct values, and select WAN
from Zone Assignment menu. When done, click on the OK button to create the range object.
Add button at the bottom of the screen. In the Add Address Object window, enter a description
for server’s private IP address in the Name field. Choose Host from the Type menu, enter the
server’s private IP address in the IP Address field, and select the zone that the server assigned
from the Zone Assignment menu. Click OK. Then, create another object in the Add Address
Object window for the server’s public IP address and with the correct values, and select WAN
from Zone Assignment menu. When done, click on the OK button to create the range object.
Next, select Network > NAT Policies and click on the Add button to display the Add NAT
Policy window. To create a NAT policy to allow the webserver to initiate traffic to the public
Internet using its mapped public IP address, choose the following from the drop-down menus:
Policy window. To create a NAT policy to allow the webserver to initiate traffic to the public
Internet using its mapped public IP address, choose the following from the drop-down menus:
•
Original Source: webserver_private_ip
•
Translated Source: webserver_public_ip
•
Original Destination: Any
•
Translated Destination: Original
•
Original Service: Any
•
Translated Service: Original
•
Inbound Interface: Opt
•
Outbound Interface: WAN
•
Comment: Enter a short description
•
Enable NAT Policy: Checked
•
Create a reflective policy: Checked
When done, click on the OK button to add and activate the NAT Policy. With this policy in place,
the SonicWALL security appliance translates the server’s private IP address to the public IP
address when it initiates traffic out the WAN interface.
the SonicWALL security appliance translates the server’s private IP address to the public IP
address when it initiates traffic out the WAN interface.
You can test the one-to-one mapping by opening up a web browser on the server and accessing
the public website
the public website
. The website should display the public IP
address we attached to the private IP address in the NAT policy we just created.