Page 72 SonicWALL SonicOS Standard Administrator’s Guide
the entries are the result of configuring LAN and WAN network settings. The SonicWALL LAN and WAN
IP addresses are displayed as permanently published at all times.
Network > NAT Policies
When two hosts communicate using TCP/IP on the Internet, four parameters are used in any TCP
or UDP connection: Source (IP) Address, Source (TCP/UDP) Port, Destination (IP) Address, and
Destination (TCP/UDP) Port. Other protocols used on the Internet do not use port numbers;
ICMP, for example, has types, and these typically are not translated in NAT policies.
For example, if Host A, a computer with a Web browser and an IP address of 192.168.168.100,
communicates using HTTP with Server B, a web server on the Internet with an IP address of 64.0.0.1,
the connection is from Source Address 192.168.168.100 with Source Port 6082 (a possible dynamic
value) to Destination Address 64.0.0.1 with Destination Port 80, a well-known HTTP port.
This communication will not work unless the NAT device does a translation of the source IP address. If
the Pro4060 has a WAN IP address of 65.5.5.5, then a default NAT policy is used to change the original
source IP address of 192.168.168.100 into the routable address on the outside (65.5.5.5), required for the
web server's responses to get back to the computer with the web browser. This default NAT policy for
outbound traffic is explained in detail later.
You can create customized NAT policies that manipulate three of the four parameters in order
to satisfy a number of networking requirements:
• Source IP address
• Destination IP address
• Destination Service or Port Number (called 'Service' in the NAT Policies screens).
NAT policies allow you the flexibility to control Network Address Translation based on matching
combinations of Source IP address, Destination IP address, and Destination Services. Policy-based NAT
allows you to deploy different types of NAT simultaneously, including One-to-One, Many-to-One,
Many-to-Few, and Many-to-Many, as well as IP port redirection.
• One-to-One NAT Policy - one IP address maps directly to another IP address. This is useful for
hosting publicly accessible servers and maintaining private IP addressing.
• Many-to-One NAT Policy - commonly used to allow multiple hosts on your LAN to communicate with
hosts on the Internet by sharing the WAN public IP address. Distinct sessions are possible via port
uniqueness, and NAT is maintained using a dynamic state table. This policy is enabled by default on
the SonicWALL.
• Many-to-Many NAT Policy - a group of IP addresses maps to another group of IP addresses. This
policy supports extremely large numbers of connections and can enable IP address rotation.
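The Many-to-One behaviour described above (port uniqueness plus a dynamic state table), modelled as an added example that is not SonicOS code and not part of the original guide. The LAN subnet 192.168.168.0/24, the second host 192.168.168.101, the stray sender 64.0.0.9 and the port-selection strategy are assumptions made for illustration.

```python
import ipaddress
import itertools

WAN_IP = "65.5.5.5"                             # WAN address used in the text
LAN = ipaddress.ip_network("192.168.168.0/24")  # assumed LAN subnet

class ManyToOneNat:
    """Toy state table; the port selection strategy is an assumption."""

    def __init__(self, wan_ip, ports=range(1024, 65536)):
        self.wan_ip = wan_ip
        self.ports = ports
        self.out = {}   # (src_ip, src_port, dst_ip, dst_port) -> WAN port
        self.back = {}  # (WAN port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a LAN-to-WAN packet, creating state."""
        if ipaddress.ip_address(src_ip) not in LAN:
            raise ValueError("source is not on the LAN")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            # Try the original port first, then the next free one, so that
            # (WAN port, destination) stays unique per session.
            for port in itertools.chain([src_port], self.ports):
                if (port, dst_ip, dst_port) not in self.back:
                    break
            else:
                raise RuntimeError("no free WAN port for this destination")
            self.out[flow] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.wan_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply back to the LAN host; None means no session."""
        host = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.wan_ip or host is None:
            return None  # unsolicited traffic matches no state entry
        return (src_ip, src_port, host[0], host[1])

def demo():
    """Constructed traffic: two LAN hosts reuse source port 6082."""
    nat = ManyToOneNat(WAN_IP)
    a = nat.outbound("192.168.168.100", 6082, "64.0.0.1", 80)
    b = nat.outbound("192.168.168.101", 6082, "64.0.0.1", 80)
    reply = nat.inbound("64.0.0.1", 80, WAN_IP, b[1])
    stray = nat.inbound("64.0.0.9", 80, WAN_IP, a[1])
    return a, b, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both hosts leave as 65.5.5.5, the second on a different WAN port, and a packet from a sender with no matching state entry is not forwarded to any LAN host.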