SonicWALL TZ-205 Router Manual PDF (Setup & Configuration Guide)

Page 31 / 44 Scroll up to view Page 26 - 30

Page 28

Address Objects

5.

Click on the

Advanced

tab.

6.

Configure the other settings on the

Advanced

tab as

explained below:

•

In the

TCP Connection Inactivity Timeout (minutes)

field, set the length of TCP inactivity after which the

access rule will time out. The default value is

15

minutes.

•

In the

UDP Connection Inactivity Timeout

(minutes)

field, set the length of UDP inactivity after

which the access rule will time out. The default value

is

30

minutes.

•

In the

Number of connections allowed (% of

maximum connections)

field, specify the percentage

of maximum connections that is allowed by this access

rule. The default is 100%.

•

Select

Create a reflexive rule

to create a matching

access rule for the opposite direction, that is, from

your destination back to your source.

7.

Click on the

QoS

tab to apply DSCP marking to traffic

governed by this rule.

8.

Click

OK

to add the rule.

Address Objects

Address Objects are one of four object classes (Address, User,

Service, and Schedule) in SonicOS Enhanced. Once you

define an Address Object, it becomes available for use

wherever applicable throughout the SonicOS management

interface. For example, consider an internal Web server with an

IP address of 67.115.118.80.

Rather than repeatedly typing in the IP address when

constructing Access Rules or NAT policies, you can create an

Address Object to store the Web server’s IP address. This

Address Object, “My Web Server,” can then be used in any

configuration screen that employs Address Objects as a

defining criterion.

Available Address Object types include the following:

•

Host –

Define a single host by its IP address.

•

Range –

Define a range of contiguous IP addresses.

•

Network –

Network Address Objects are like Range

objects in that they comprise multiple hosts, but rather than

being bound by specified upper and lower range delimiters,

the boundaries are defined by a valid netmask.

•

MAC Address –

Allows for the identification of a host by its

hardware address.

•

FQDN Address –

Fully Qualified Domain Names (FQDN)

Address Objects allow for the identification of a host by its

domain name, such as www.sonicwall.com.

Page 32 / 44

SonicWALL TZ 100/200 Series Getting Started Guide

Page 29

Tip:

SonicOS Enhanced provides a number of default

Address Objects that cannot be modified or deleted.

You can use the default Address Objects when creating

a NAT policy, or you can create custom Address

Objects to use. All Address Objects are available in the

drop-down lists when creating a NAT policy.

Creating and Managing Address Objects

The

Network

>

Address Objects

page allows you to create

and manage your Address Objects. You can view Address

Objects in the following ways using the

View Style

menu:

•

All Address Objects

–

displays all configured Address

Objects.

•

Custom Address Objects

–

displays Address Objects

with custom properties.

•

Default Address Objects

–

displays Address Objects

configured by default on the SonicWALL security

appliance.

Network Address Translation

The Network Address Translation (NAT) engine in SonicOS

Enhanced allows users to define granular NAT policies for their

incoming and outgoing traffic. By default, the SonicWALL

security appliance has a preconfigured NAT policy to perform

Many-to-One NAT between the systems on the LAN and the IP

address of the WAN interface. The appliance does not perform

NAT by default when traffic crosses between the other

interfaces.

You can create multiple NAT policies on a SonicWALL running

SonicOS Enhanced for the same object – for instance, you can

specify that an internal server uses one IP address when

accessing Telnet servers, and uses a different IP address for all

other protocols. Because the NAT engine in SonicOS Enhanced

supports inbound port forwarding, it is possible to access

multiple internal servers from the WAN IP address of the

SonicWALL security appliance. The more granular the NAT

Policy, the more precedence it takes.

Before configuring NAT Policies, you must create all Address

Objects that will be referenced by the policy. For instance, if you

are creating a One-to-One NAT policy, first create Address

Objects for your public and private IP addresses.

Page 33 / 44

Page 30

Network Address Translation

Configuring NAT Policies

NAT policies allow you to control Network Address Translation

based on matching combinations of Source IP address,

Destination IP address, and Destination Services. Policy-based

NAT allows you to deploy different types of NAT simultaneously.

The following NAT configurations are available in SonicOS

Enhanced:

•

Many-to-One NAT Policy

•

Many-to-Many NAT Policy

•

One-to-One NAT Policy for Outbound Traffic

•

One-to-One NAT Policy for Inbound Traffic (Reflexive)

•

One-to-Many NAT Load Balancing

•

Inbound Port Address Translation via One-to-One NAT

Policy

•

Inbound Port Address Translation via WAN IP Address

This section describes how to configure a One-to-One NAT

policy. One-to-One is the most common NAT policy used to

route traffic to an internal server, such as a Web server. Most of

the time, this means that incoming requests from external IP

addresses are

translated

from the IP address of the SonicWALL

security appliance WAN port to the IP address of the internal

Web server.

The following example configuration illustrates the

use of the fields in the Add NAT Policy procedure. To add a

One-to-One NAT policy that allows all Internet traffic to be

routed through a public IP address, two policies are needed:

one policy for the outbound traffic, and one policy for the

inbound traffic.

Page 34 / 44

SonicWALL TZ 100/200 Series Getting Started Guide

Page 31

To add the components of a One-to-One NAT policy, perform

the following steps:

1.

Navigate to the

Network > Address Objects

Page and

choose the Custom radio button.

2.

Click the

Add

button; define a network address object

(example named '

webserver 10.33.4.101

' ; a LAN host

object w/ IP address 10.33.4.101)

3.

Navigate to the

Network > NAT Policies

page. Click Add.

The Add NAT Policy dialog box displays.

4.

For

Original Source

, select

Any

.

5.

For

Translated Source

, select

Original

.

6.

For

Original Destination

, select

WAN Primary IP

.

7.

For

Translated Destination

, select '

webserver

10.33.4.101

'

8.

For

Original Service

, select

HTTP

.

9.

For

Translated Service

, select

Original

.

10. For

Inbound Interface

, select

X1

.

11. For

Outbound Interface

, select

Any

.

12. For

Comment

, enter a short description.

13.

Select the

Enable NAT Policy

checkbox.

14.

Select the

Create a reflexive policy

checkbox if you want

a matching NAT policy to be automatically created in the

opposite direction. This will create the outbound as well as

the inbound NAT Policy.

For more information on creating NAT policies, refer to the

SonicOS Enhanced Administrator’s Guide

.

Page 35 / 44

Page 32

Network Address Translation

Rate

Popular SonicWALL Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share