NAT Question
I continue to pull my hair out replacing our SonicWall with a new WatchGuard. SonicWall does things so differently, it seems. Something I've noticed is that in the SonicWall NAT policies, there are actually policies that NAT a single IP address to an entire subnet. I'm not really sure why, but I see traffic using this policy. From what I can tell, on a WatchGuard you can only NAT an IP to an IP or a subnet to a subnet, but not an IP to a subnet. Does anyone know if there is a way to accomplish this on the WatchGuard?
Answers
You didn't mention whether the NAT'ing was inbound or outbound, but if you use Policy Manager > Network > NAT Setup, you can configure either Dynamic NAT from a single IP to a subnet under the Dynamic NAT tab, or configure a 1-to-1 NAT using the other tab.
Static NAT is configured under Setup > Actions > SNAT for inbound connections to servers or to create a poor man's load balancer.
This may help.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_dynamic_firewall_add_c.html
It's usually something simple.
It's hard to say if they are inbound or outbound, but it kind of appears that there is a mixture of the two. One of the policies has Source: 192.168.127.0/24 and Destination: 192.168.1.1. Another one has Source: 192.168.2.35, Source Translated: 10.27.237.10, Destination: 10.27.238.13.
The first scenario appears to be internal between Trusted or Optional networks or VLANs, the second appears to be from a Server to an external IP.
The firebox's default NAT settings should handle both scenarios unless something specific is required.
It's usually something simple.
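As an added example (not from this thread, WatchGuard or SonicWall), a small Python audit that sorts the policies quoted above into the Fireware NAT categories the answer names, so a migration can be checked before any rule is typed in. The Trusted range and the third, host-to-subnet policy are constructed assumptions for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption for this example: the ranges the Firebox treats as Trusted/Optional.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/16")]

@dataclass
class NatPolicy:
    source: str                          # host or CIDR as written in the old policy
    destination: str
    source_translated: Optional[str] = None

def _net(text: str) -> ipaddress.IPv4Network:
    # A bare host becomes a /32 so subnet arithmetic works uniformly.
    return ipaddress.ip_network(text, strict=False)

def _is_trusted(net: ipaddress.IPv4Network) -> bool:
    return any(net.subnet_of(t) for t in TRUSTED_NETS if t.version == net.version)

def classify(policy: NatPolicy) -> dict:
    """Map one SonicWall-style NAT policy onto a Fireware NAT category."""
    src, dst = _net(policy.source), _net(policy.destination)
    xlat = _net(policy.source_translated) if policy.source_translated else None
    src_in, dst_in = _is_trusted(src), _is_trusted(dst)
    direction = ("outbound" if src_in and not dst_in
                 else "inbound" if dst_in and not src_in
                 else "internal")
    if xlat is None:
        # No explicit translated source: masquerade behind the egress interface (many-to-one).
        kind, setting = "dynamic", "NAT Setup > Dynamic NAT tab"
    elif src.num_addresses == xlat.num_addresses:
        kind, setting = "1-to-1", "NAT Setup > 1-to-1 NAT tab"
    else:
        # Host mapped to a whole subnet (or vice versa): no direct equivalent, flag for review.
        kind, setting = "review", "no direct equivalent; inspect the traffic that matches"
    return {"policy": policy, "direction": direction, "kind": kind, "setting": setting}

def audit(policies):
    return [classify(p) for p in policies]

# Constructed sample: the two policies quoted in the thread plus one host-to-subnet policy.
SAMPLE = [
    NatPolicy("192.168.127.0/24", "192.168.1.1"),
    NatPolicy("192.168.2.35", "10.27.238.13", source_translated="10.27.237.10"),
    NatPolicy("192.168.2.50", "10.27.238.13", source_translated="10.27.237.0/24"),
]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f"{r['policy'].source:>18} -> {r['policy'].destination:<14} "
              f"{r['direction']:<8} {r['kind']:<8} {r['setting']}")
```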