NAT Question

I continue to pull my hair out replacing our SonicWall with a new WatchGuard. SonicWall does things so differently, it seems. Something I've noticed is that in the SonicWall NAT policies, there are actually policies that NAT a single IP address to an entire subnet. I'm not really sure why, but I see traffic using this policy. From what I can tell on a WatchGuard, you can only NAT an IP to an IP or a subnet to a subnet, but not an IP to a subnet. Does anyone know if there is a way to accomplish this on the WatchGuard?



    You didn't mention whether the NAT'ing was inbound or outbound, but if you use Policy Manager > Network > NAT Setup, you can configure either Dynamic NAT from a single IP to a subnet under the Dynamic NAT tab, or configure a 1-to-1 NAT using the other tab.

    Static NAT is configured under Setup > Actions > SNAT for inbound connections to servers or to create a poor man's load balancer.

    This may help.


    • Doug

    It's usually something simple.


    It's hard to say if they are inbound or outbound, but it kind of appears that there is a mixture of the two. One of the policies has source: and destination: Another one has Source:, Source Translated:, Destination:


    The first scenario appears to be internal between Trusted or Optional networks or VLANs; the second appears to be from a server to an external IP.

    The Firebox's default NAT settings should handle both scenarios unless something specific is required.

    It's usually something simple.
