SonicOS 7.1 Rules and Policies for Policy Mode
- SonicOS 7.1 Rules and Policies
- Overview
- Settings
- Security Policy
- NAT Policy
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Routing
- Decryption Policy
- DoS Policy
- DNS Policy
- Endpoint Policy
- Shadow
- SonicWall Support
About FQDN-based NAT
SonicOS supports NAT policies using FQDN Address Objects for the original source/destination.
Use cases include:
-
Specifying public IP addresses with FQDN to a local server
-
Specifying a public server with FQDN for consistency across replacement with a server that has a known IP address
-
Routing traffic from/to a FQDN to have a source IP address other than the outbound interface IP.
The following functionality is supported:
-
The original source/destination can be a pure FQDN or an address group with FQDN(s) and other IPv4 or IPv6 addresses, depending on the IP version of the NAT policy. A new FQDN address object can be directly created from the POLICY | Rules and Policies > NAT Policy page.
FQDN is not supported for the translated source/destination.
- IP version options are provided for a NAT policy only if the version is ambiguous based on settings for original/translated source/destination fields. Either IPv4 or IPv6 must be selected.
- Mousing over an FQDN object of a NAT policy displays the IP addresses in the same IP version as the NAT policy.
- When NAT translation is performed, only the IP addresses in the NAT's IP version are considered.
-
The Advanced page is disabled if FQDN is used in either or both the original source/destination fields.
If probing is enabled and/or the NAT method is configured to a non-default value such as Sticky IP, neither of original source/destination address objects can be modified to contain an FQDN.
- FQDN based NAT policies are supported in High Availability configurations.
Was This Article Helpful?
Help us to improve our support portal