Configuring Consistent NAT (Network Address Translation)

Description

Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP.

Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.

Cause

EXAMPLE: NAT could translate the private (LAN) IP address and port pairs, 192.116.168.10/50650 and 192.116.168.20/50655 into public (WAN) IP/port pairs as follows.


Private IP/Port

Translated Public IP/Port
192.116.168.10/50650 64.41.140.167/40004
192.116.168.20/50655 64.41.140.167/40745

With Consistent NAT enabled, all subsequent requests from either host 192.116.168.10 or 192.116.168.20 using the same ports illustrated in the previous result in using the same translated address and port pairs. Without Consistent NAT, the port and possibly the IP address change with every request.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

  1. Navigate to NETWORK | VOIP.
  2. On the Settings tab | GENERAL SETTINGS.
  3. Activate the Enable Consistent NAT checkbox.
  4. Click Accept.
    Image

NOTE: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs. Most UDP-based applications are compatible with traditional NAT. Therefore, do not enable Consistent NAT unless your network uses applications that require it.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

  1. Navigate to Manage |Voip.
  2. On the General settings.
  3. Activate the Enable Consistent NAT checkbox.
  4. Click Accept
     Image

NOTE: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs. Most UDP-based applications are compatible with traditional NAT. Therefore, do not enable Consistent NAT unless your network uses applications that require it.


Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


Enabling Consistent NAT:

  1. Navigate to VoIP | Settings.
  2. Activate the  Enable Consistent NAT checkbox.
  3. Click Apply
    Image

NOTE: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs. Most UDP-based applications are compatible with traditional NAT. Therefore, do not enable Consistent

Related Articles

  • How to export and import connection profiles in NetExtender
    Read More
  • Unable access High availability idle device using monitoring IP address
    Read More
  • SSL Control enabled with "Detect Certificate signed by an Untrusted CA" causes Windows Update to fail.
    Read More

Categories

Firewalls
NSa Series
Networking
Firewalls
NSv Series
Networking
Firewalls
TZ Series
Networking
not finding your answers?
Ask the Community
was this article helpful?
YesNo