Brad's TechTips - SonicWall

 
 
SonicWall: Configure a rule so a non-primary, public IP address is displayed to the Internet for an internal server
 
In many cases, you will have multiple public IP addresses assigned to your organization, and you will have corresponding private addresses on your LAN for systems such as mail and Web servers.
 
If you want one of these servers to display one of the "alternate" public IP addresses to the Internet (in other words, not the firewall's primary address), then you must configure a NAT policy to do so. Here are the settings for SonicWall Enhanced OS, using an internal email server as an example:
 
1.  Create an address object "Mail Server Internal" and provide its private IP address,
     such as 192.168.0.2.  Assign it to the LAN zone (typically, though it may be DMZ/OPT
     or another zone depending on your environment).
 
2.  Create an address object "Mail Server Public" and provide the public IP address
     that you want the Internet to "see," such as 98.118.96.60.  Assign it to the WAN zone.
 
3.  Create a custom NAT policy with the following settings:
          Original Source: Mail Server Internal
          Translated Source: Mail Server Public (This will be the IP address displayed to the Internet.)
          Original Destination: Any
          Translated Destination: Original
          Original Service: SMTP (or use ANY if you want all communications from that server
                                    to reflect the alternate address)
          Translated Service: Original
          The remaining settings can remain at their default values.
 
4.  Test the policy by going to http://www.fieldbrook.net/ in a Web browser on that server.
     The address that is displayed to the Internet will be visible at the bottom of the home page.
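
The Original Service choice in step 3 decides which traffic leaves with the alternate address. The sketch below is an added example (not SonicWall code) that models this with a simplified most-specific-match rule; the default outbound policy, the 203.0.113.1 primary address and the matching order are assumptions. With SMTP only, the HTTP check in step 4 leaves from the primary address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values: the mail server addresses are the examples from the steps
# above; WAN_PRIMARY is a placeholder for the firewall's primary address.
WAN_PRIMARY = "203.0.113.1"
SERVICES = {"SMTP": 25, "HTTP": 80}


@dataclass
class NatPolicy:
    name: str
    orig_source: str        # CIDR; "0.0.0.0/0" stands for Any
    translated_source: str  # address the Internet sees
    orig_service: str       # a key of SERVICES, or "ANY"

    def matches(self, src, dport):
        in_src = ip_address(src) in ip_network(self.orig_source)
        in_svc = self.orig_service == "ANY" or SERVICES[self.orig_service] == dport
        return in_src and in_svc

    def specificity(self):
        # Assumed ordering: longer source prefix first, then a named service.
        return (ip_network(self.orig_source).prefixlen, self.orig_service != "ANY")


def egress_address(policies, src, dport):
    """Return (policy name, source address seen on the Internet)."""
    hits = [p for p in policies if p.matches(src, dport)]
    best = max(hits, key=NatPolicy.specificity)
    return best.name, best.translated_source


def build(service):
    """Policy table: assumed default outbound NAT plus the step 3 policy."""
    return [
        NatPolicy("default outbound", "0.0.0.0/0", WAN_PRIMARY, "ANY"),
        NatPolicy("mail server", "192.168.0.2/32", "98.118.96.60", service),
    ]


if __name__ == "__main__":
    for service in ("SMTP", "ANY"):
        for label, port in SERVICES.items():
            name, seen = egress_address(build(service), "192.168.0.2", port)
            print(f"Original Service={service:4} {label:4} -> {seen} ({name})")
```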