Справочник Пользователя для SonicWALL 5.8.1
Network > NAT Policies
352
SonicOS 5.8.1 Administrator Guide
Why Do I Have to Write Two Policies for 1-2-1 Traffic?
With the new NAT engine, it is necessary to write two policies – one to allow incoming requests
to the destination public IP address to reach the destination private IP address (uninitiated
inbound), and one to allow the source private IP address to be remapped to the source public
IP address (initiated outbound). It takes a bit more work, but it is a lot more flexible.
to the destination public IP address to reach the destination private IP address (uninitiated
inbound), and one to allow the source private IP address to be remapped to the source public
IP address (initiated outbound). It takes a bit more work, but it is a lot more flexible.
NAT Load Balancing Overview
This section provides an introduction to the NAT Load Balancing feature. It contains the
following subsections:
following subsections:
•
•
•
•
Network Address Translation (NAT) & Load Balancing (LB) provides the ability to balance
incoming traffic across multiple, similar network resources. Do not confuse this with the WAN
ISP & LB feature on the SonicWALL appliance. While both features can be used in conjunction,
WAN ISP & LB is used to balance outgoing traffic across two ISP connections, and NAT LB is
primarily used to balance incoming traffic.
incoming traffic across multiple, similar network resources. Do not confuse this with the WAN
ISP & LB feature on the SonicWALL appliance. While both features can be used in conjunction,
WAN ISP & LB is used to balance outgoing traffic across two ISP connections, and NAT LB is
primarily used to balance incoming traffic.
Load Balancing distributes traffic among similar network resources so that no single server
becomes overwhelmed, allowing for reliability and redundancy. If one server becomes
unavailable, traffic is routed to available resources, providing maximum uptime.
becomes overwhelmed, allowing for reliability and redundancy. If one server becomes
unavailable, traffic is routed to available resources, providing maximum uptime.
This document details how to configure the necessary NAT, load balancing, health check,
logging, and firewall rules to allow systems from the public Internet to access a Virtual IP (VIP)
that maps to one or more internal systems, such as Web servers, FTP servers, or SonicWALL
SSL VPN appliances. This Virtual IP may be independent of the SonicWALL appliance or it may
be shared, assuming the SonicWALL appliance itself is not using the port(s) in question.
logging, and firewall rules to allow systems from the public Internet to access a Virtual IP (VIP)
that maps to one or more internal systems, such as Web servers, FTP servers, or SonicWALL
SSL VPN appliances. This Virtual IP may be independent of the SonicWALL appliance or it may
be shared, assuming the SonicWALL appliance itself is not using the port(s) in question.
Please note that the load balancing capability in SonicOS Enhanced firmware versions 4.0 and
higher, while fairly basic, will satisfy the requirements for many customer network deployments.
Customers with environments needing more granular load balancing, persistence, and health-
check mechanisms are advised to use a dedicated third-party load balancing appliance (prices
run from US$4,000 to US$25,000 per device).
higher, while fairly basic, will satisfy the requirements for many customer network deployments.
Customers with environments needing more granular load balancing, persistence, and health-
check mechanisms are advised to use a dedicated third-party load balancing appliance (prices
run from US$4,000 to US$25,000 per device).