SonicWALL NSA E6500 Getting Started Guide
Page 45
5. Click on the QoS tab if you want to apply DSCP or 802.1p Quality of Service coloring/marking to traffic governed by this rule. See the SonicOS Enhanced Administrator’s Guide for more information on managing QoS marking in access rules.
6. Click OK to add the rule.
Creating a NAT Policy
The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. By default, the SonicWALL security appliance has a preconfigured NAT policy to allow all systems connected to the LAN interface to perform Many-to-One NAT using the IP address of the WAN interface, and a policy to not perform NAT when traffic crosses between the other interfaces.
You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object. For instance, you can specify that an internal server use one IP address when accessing Telnet servers, and a totally different IP address for all other protocols. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding, it is possible to hide multiple internal servers behind the WAN IP address of the SonicWALL security appliance. The more granular the NAT Policy, the more precedence it takes.
Before configuring NAT Policies, you must create all Address Objects associated with the policy. For instance, if you are creating a One-to-One NAT policy, first create Address Objects for your public and private IP addresses.
Address Objects are one of four object classes (Address, User, Service and Schedule) in SonicOS Enhanced. These Address Objects allow for entities to be defined one time, and to be reused in multiple referential instances throughout the SonicOS interface. For example, take an internal Web server with an IP address of 67.115.118.80. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, Address Objects allow you to create a single entity called “My Web Server” as a Host Address Object with an IP address of 67.115.118.80. This Address Object, “My Web Server”, can then be easily and efficiently selected from a drop-down menu in any configuration screen that employs Address Objects as a defining criterion.
Since there are multiple types of network address expressions, there are currently the following Address Object types:
• Host – Host Address Objects define a single host by its IP address.
• Range – Range Address Objects define a range of contiguous IP addresses.
• Network – Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid netmask.
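The following is an added example, not SonicOS code or part of the original guide: a small Python model of the Host, Range and Network Address Object types, reused across several NAT policies, with the most granular matching policy selected. The ranking rule (a named service beats Any, then the smaller source object wins) is a simplified assumption about "granularity", and every name and address other than "My Web Server" / 67.115.118.80 is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AddressObject:
    name: str
    first: ipaddress.IPv4Address   # lowest address covered
    last: ipaddress.IPv4Address    # highest address covered

    def contains(self, ip: str) -> bool:
        return self.first <= ipaddress.IPv4Address(ip) <= self.last

    def size(self) -> int:
        return int(self.last) - int(self.first) + 1

def host(name, ip):                      # Host: a single IP address
    addr = ipaddress.IPv4Address(ip)
    return AddressObject(name, addr, addr)

def addr_range(name, low, high):         # Range: contiguous addresses, any bounds
    low, high = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
    if low > high:
        raise ValueError("range start is above range end")
    return AddressObject(name, low, high)

def network(name, addr, mask):           # Network: bounds come from a valid netmask
    net = ipaddress.IPv4Network(f"{addr}/{mask}")  # ValueError if host bits are set
    return AddressObject(name, net.network_address, net.broadcast_address)

@dataclass(frozen=True)
class NatPolicy:
    source: AddressObject
    service: Optional[str]               # None stands for "Any" service
    translated: AddressObject

def select_policy(policies, src_ip, service):
    """Return the most granular matching policy, or None if nothing matches."""
    hits = [p for p in policies
            if p.source.contains(src_ip) and p.service in (None, service)]
    # Assumed ranking: a named service beats Any, then the smaller source wins.
    return min(hits, key=lambda p: (p.service is None, p.source.size()), default=None)

# Constructed sample data; only "My Web Server" / 67.115.118.80 is from the guide.
WEB = host("My Web Server", "67.115.118.80")
SUBNET = network("Server Subnet", "67.115.118.0", "255.255.255.0")
POLICIES = [
    NatPolicy(SUBNET, None, host("WAN IP", "203.0.113.1")),
    NatPolicy(WEB, None, host("Server Public IP", "203.0.113.11")),
    NatPolicy(WEB, "telnet", host("Telnet Public IP", "203.0.113.10")),
]
```

Because each policy refers to the Address Object rather than a typed-in address, changing the server's IP in `WEB` updates every policy that uses it.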
NSA_E6500_GSG.book Page 45 Wednesday, June 17, 2009 7:16 PM