SonicOS 7.1 Rules and Policies for Classic Mode
- SonicOS 7.1 Rules and Policies
- Overview
- Access Rules
- Setting Firewall Access Rules
- About Connection Limiting
- Using Bandwidth Management with Access Rules
- Creating Access Rules
- Configuring Access Rules for IPv6
- Enabling and Disabling Access Rules
- Editing Access Rules
- Deleting Access Rules
- Restoring Access Rules to Default Settings
- Displaying Access Rules
- Displaying Access Rule Traffic Statistics
- Configuring Access Rules for NAT64
- Configuring Access Rules for a Zone
- Access Rules for DNS Proxy
- User Priority for Access Rules
- Access Rule Configuration Examples
- Setting Firewall Access Rules
- NAT Rules
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a One-to-Many NAT Load Balancing Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Creating a WAN-to-WAN Access Rule for a NAT64 Policy
- DNS Doctoring
- Routing
- DNS Rules
- Content Filter Rules
- App Rules
- About App Rules
- Rules and Policies > App Rules
- Verifying App Rules Configuration
- App Rules Use Cases
- Creating a Regular Expression in a Match Object
- Policy-based Application Rules
- Logging Application Signature-based Policies
- Compliance Enforcement
- Server Protection
- Hosted Email Environments
- Email Control
- Web Browser Control
- HTTP Post Control
- Forbidden File Type Control
- ActiveX Control
- FTP Control
- Bandwidth Management
- Bypass DPI
- Custom Signature
- Reverse Shell Exploit Prevention
- Endpoint Rules
- SonicWall Support
Creating a One-to-One NAT Policy for Outbound Traffic
One-to-one NAT for outbound traffic is another common NAT policy on a firewall for translating an internal IP address into a unique IP address. This is useful when you need specific systems, such as servers, to use a specific IP address when they initiate traffic to other destinations. Most of the time, a NAT policy such as this one-to-one NAT policy for outbound traffic is used to map a server’s private IP address to a public IP address, and it is paired with a reflexive (mirror) policy that allows any system from the public internet to access the server, along with a matching firewall access rule that permits this. The reflexive NAT policy is described in Creating a One-to-One NAT Policy for Inbound Traffic.
To create a one-to-one policy for outbound traffic
-
Navigate to the OBJECT | Match Objects > Addresses page.
-
Click +Add at the top of the page. The Address Object Settings dialog displays.
- Enter a friendly description such as
webserver_private_ip
for the server’s private IP address in the Name field. - Select the zone assigned to the server from the Zone Assignment drop-down menu.
- Choose Host from the Type drop-down menu.
- Enter the server’s private IP address in the IP Address field.
- Click Save. The new address object is added to the Address Objects table.
- Then, repeat Step 2 through Step 7 to create another object in the Address Object Settings dialog for the server’s public IP address and select WAN from the Zone Assignment drop-down menu. Use
webserver_public_ip
for the Name. - Click Save to create the address object. The new address object is added to the Address Objects table.
- Click Cancel to close the Address Object Settings dialog.
-
Navigate to the POLICY | Rules and Policies > NAT page.
-
Click +Add. The Add NAT Rule dialog displays.
-
To create a NAT policy to allow the web server to initiate traffic to the public internet using its mapped public IP address, choose the options shown in Option choices: One-to-One NAT Policy for Outbound Traffic Example:
-
When done, click Add to add and activate the NAT policy.
-
Click Cancel to close the Add NAT Rule dialog.
With this policy in place, the firewall translates the server’s private IP address to the public IP address when it initiates traffic out the WAN interface (by default, the X1 interface).
You can test the one-to-one mapping by opening up a web browser on the server and accessing the public website http://www.whatismyip.com. The website should display the public IP address you attached to the private IP address in the NAT policy you just created.
Was This Article Helpful?
Help us to improve our support portal