SonicOS 8 Rules and Policies for Classic Mode
- SonicOS 8 Rules and Policies
- Overview
- Access Rules
- Setting Firewall Access Rules
- About Connection Limiting
- Using Bandwidth Management with Access Rules
- Creating Access Rules
- Configuring Access Rules for IPv6
- Enabling and Disabling Access Rules
- Editing Access Rules
- Deleting Access Rules
- Restoring Access Rules to Default Settings
- Displaying Access Rules
- Displaying Access Rule Traffic Statistics
- Configuring Access Rules for NAT64
- Configuring Access Rules for a Zone
- Access Rules for DNS Proxy
- User Priority for Access Rules
- Access Rule Configuration Examples
- Setting Firewall Access Rules
- NAT Rules
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a One-to-Many NAT Load Balancing Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Creating a WAN-to-WAN Access Rule for a NAT64 Policy
- DNS Doctoring
- Routing
- DNS Rules
- Content Filter Rules
- App Rules
- About App Rules
- Rules and Policies > App Rules
- Verifying App Rules Configuration
- App Rules Use Cases
- Creating a Regular Expression in a Match Object
- Policy-based Application Rules
- Logging Application Signature-based Policies
- Compliance Enforcement
- Server Protection
- Hosted Email Environments
- Email Control
- Web Browser Control
- HTTP Post Control
- Forbidden File Type Control
- ActiveX Control
- FTP Control
- Bandwidth Management
- Bypass DPI
- Custom Signature
- Reverse Shell Exploit Prevention
- Endpoint Rules
- SonicWall Support
Creating a Many-to-Many NAT Policy
The many-to-many NAT policy allows you to translate a group of addresses into a group of different addresses. This allows the firewall to utilize several addresses to perform the dynamic translation. If a many-to-many NAT rule policy contains source original and source translated with the same network prefix, the remaining part of the IP address is unchanged.
To create a many-to-many NAT rule policy
-
Navigate to the OBJECT | Match Objects > Addresses page.
-
Click +Add at the top of the page. The Address Object Settings dialog displays.
-
Enter a description for the address range, such as
public_range
, in the Name field. -
Select WAN as the zone from the Zone Assignment drop-down menu.
-
Choose Range from the Type drop-down menu. The Address Object Settings dialog changes.
-
Enter the range of addresses (usually public IP addresses supplied by your ISP) in the Starting IP Address and Ending IP Address fields.
-
Click Save to create the range object. The new address object is added to the Address Objects table.
-
Click Close.
-
Navigate to the POLICY | Rules and Policies > NAT
Rules page. -
Click +Add at the bottom of the NAT
Rules table. The Adding NAT Rule dialog displays. -
To create a NAT Rules policy to allow the systems on the LAN subnets (by default, the X0 interface) to initiate traffic using the public range addresses, choose the options shown in Option Choices: Many-to-Many NAT Policy Example:
-
Click Add to add and activate the NAT Rule policy. The new policy is added to the NAT
Rules Policy table.
With this policy in place, the firewall dynamically maps outgoing traffic using the four available IP addresses in the range you created.
You can test the dynamic mapping by installing several systems on the LAN interface (by default, the X0 interface) at a spread-out range of addresses (for example, 192.168.10.10
, 192.168.10.100
, and 192.168.10.200
) and accessing the public website http://www.whatismyip.com from each system. Each system should display a different IP address from the range you created and attached to the NAT policy.
If a many-to-many NAT policy contains source original and source translated with the same network prefix, the remaining part of the IP address is unchanged.
Was This Article Helpful?
Help us to improve our support portal