The many-to-many NAT policy allows you to translate a group of addresses into a group of different addresses. This allows the firewall to utilize several addresses to perform the dynamic translation. If a many-to-many NAT rule policy contains source original and source translated with the same network prefix, the remaining part of the IP address is unchanged.
To create a many-to-many NAT rule policy:
Navigate to the OBJECT | Match Objects > Addresses page.
Click +Add at the top of the page. The Address Object Settings dialog displays.
Enter a description for the address range, such as public_range, in the Name field.
Select WAN as the zone from the Zone Assignment drop-down menu.
Choose Range from the Type drop-down menu. The Address Object Settings dialog changes.
Enter the range of addresses (usually public IP addresses supplied by your ISP) in the Starting IP Address and Ending IP Address fields.
Click Save to create the range object. The new address object is added to the Address Objects table.
Click Close.
Navigate to the POLICY | Rules and Policies > NAT page.
Click +Add at the bottom of the NAT table. The Adding NAT Rule dialog displays.
To create a NAT Rules policy to allow the systems on the LAN subnets (by default, the X0 interface) to initiate traffic using the public range addresses, choose the options shown in Option Choices: Many-to-Many NAT Policy Example:
Click Add to add and activate the NAT Rule policy. The new policy is added to the NAT Policy table.
With this policy in place, the firewall dynamically maps outgoing traffic using the four available IP addresses in the range you created.
You can test the dynamic mapping by installing several systems on the LAN interface (by default, the X0 interface) at a spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and 192.168.10.200) and accessing the public website http://www.whatismyip.com from each system. Each system should display a different IP address from the range you created and attached to the NAT policy.
If a many-to-many NAT policy contains source original and source translated with the same network prefix, the remaining part of the IP address is unchanged.
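The following Python sketch is an added example, not SonicWall code. It illustrates the two behaviours described above: the same-prefix case, read here as "original and translated networks have the same prefix length, so the host part is kept", and a check of the public addresses recorded during the test against the range object. The 203.0.113.x and 198.51.100.x addresses, the function names, and the sample results are constructed for illustration.

```python
import ipaddress

def translate_same_prefix(src, original_net, translated_net):
    """Swap the network part and keep the host part (assumed reading of the same-prefix rule)."""
    orig = ipaddress.ip_network(original_net)
    trans = ipaddress.ip_network(translated_net)
    addr = ipaddress.ip_address(src)
    if orig.prefixlen != trans.prefixlen:
        raise ValueError("prefix lengths differ; host part is not preserved")
    if addr not in orig:
        raise ValueError(f"{addr} is outside {orig}")
    host_bits = int(addr) & int(orig.hostmask)
    return str(ipaddress.ip_address(int(trans.network_address) | host_bits))

def audit_observed(observed, range_start, range_end):
    """Compare the public address each LAN test host reported with the range object."""
    lo = ipaddress.ip_address(range_start)
    hi = ipaddress.ip_address(range_end)
    # Hosts whose traffic left with an address outside the pool: another
    # NAT rule (or no rule) matched before the many-to-many policy.
    outside = {host: ip for host, ip in observed.items()
               if not lo <= ipaddress.ip_address(ip) <= hi}
    return {
        "outside_range": outside,
        "distinct_public": len(set(observed.values())),
        "pool_size": int(hi) - int(lo) + 1,
    }

# Constructed test results: LAN host -> address shown by the public website.
SAMPLE_OBSERVED = {
    "192.168.10.10": "203.0.113.10",
    "192.168.10.100": "203.0.113.12",
    "192.168.10.200": "198.51.100.7",   # not in the pool: investigate rule order
}

if __name__ == "__main__":
    print(translate_same_prefix("192.168.10.100", "192.168.10.0/24", "203.0.113.0/24"))
    print(audit_observed(SAMPLE_OBSERVED, "203.0.113.10", "203.0.113.13"))
```

A host reported under outside_range is leaving through an address the policy was not meant to expose, which usually means a higher-priority NAT rule is matching its traffic first.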