SonicOS 7.1 Rules and Policies for Policy Mode
- SonicOS 7.1 Rules and Policies
- Overview
- Settings
- Security Policy
- NAT Policy
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Routing
- Decryption Policy
- DoS Policy
- DNS Policy
- Endpoint Policy
- Shadow
- SonicWall Support
Creating a One-to-One NAT Policy for Outbound Traffic
One-to-one NAT for outbound traffic is another common NAT policy on a firewall for translating an internal IP address into a unique IP address. This is useful when you need specific systems, such as servers, to use a specific IP address when they initiate traffic to other destinations. Most of the time, a NAT policy such as this one-to-one NAT policy for outbound traffic is used to map a server’s private IP address to a public IP address, and it is paired with a reflexive (mirror) policy that allows any system from the public internet to access the server, along with a matching firewall access rule that permits this. The reflexive NAT policy is described in Creating a One-to-One NAT Policy for Inbound Traffic.
To create a one-to-one policy for outbound traffic
-
Navigate to the OBJECT | Match Objects > Addresses page.
-
Click +Add at the top of the page. The Address Object Settings dialog displays.
- Enter a friendly description such as
webserver_private_ip
for the server’s private IP address in the Name field. - Select the zone assigned to the server from the Zone Assignment drop-down menu.
- Choose Host from the Type drop-down menu.
- Enter the server’s private IP address in the IP Address field.
- Click Save. The new address object is added to the Address Objects table.
- Then, repeat Step 2 through Step 7 to create another object in the Address Object Settings dialog for the server’s public IP address and select WAN from the Zone Assignment drop-down menu. Use
webserver_public_ip
for the Name. - Click Save to create the address object. The new address object is added to the Address Objects table.
- Click Cancel to close the Address Object Settings dialog.
-
Navigate to the POLICY | Rules and Policies > NAT page.
-
Click +Add. The Add NAT Rule dialog displays.
-
To create a NAT policy to allow the web server to initiate traffic to the public internet using its mapped public IP address, choose the options shown in Option choices: One-to-One NAT Policy for Outbound Traffic Example:
-
When done, click Add to add and activate the NAT policy.
-
Click Cancel to close the Add NAT Rule dialog.
With this policy in place, the firewall translates the server’s private IP address to the public IP address when it initiates traffic out the WAN interface (by default, the X1 interface).
You can test the one-to-one mapping by opening up a web browser on the server and accessing the public website http://www.whatismyip.com. The website should display the public IP address you attached to the private IP address in the NAT policy you just created.
Was This Article Helpful?
Help us to improve our support portal