NAT Question

I continue to pull my hair out replacing our SonicWall with a new WatchGuard. SonicWall does things so differently, it seems. Something I've noticed is that in the SonicWall NAT policies, there are actually policies that NAT a single IP address to an entire subnet. I'm not really sure why, but I see traffic using this policy. From what I can tell on a WatchGuard, you can only NAT an IP to an IP or a subnet to a subnet, but not an IP to a subnet. Does anyone know if there is a way to accomplish this on the WatchGuard?

Answers

  • You didn't mention whether the NAT'ing was inbound or outbound, but if you use Policy Manager > Network > NAT Setup, you can configure either Dynamic NAT from a single IP to a subnet under the Dynamic NAT tab, or configure a 1-to-1 NAT using the other tab.

    Static NAT is configured under Setup > Actions > SNAT for inbound connections to servers or to create a poor man's load balancer.

    This may help.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_dynamic_firewall_add_c.html

    • Doug

    It's usually something simple.

  • It's hard to say if they are inbound or outbound, but it kind of appears that there is a mixture of the two. One of the policies has Source: 192.168.127.0/24 and Destination: 192.168.1.1. Another one has Source: 192.168.2.35, Source Translated: 10.27.237.10, Destination: 10.27.238.13.

  • The first scenario appears to be internal between Trusted or Optional networks or VLANs; the second appears to be from a server to an external IP.

    The Firebox's default NAT settings should handle both scenarios unless something specific is required.

    It's usually something simple.
