Loop back NAT: Traffic dropped as Policy Drop

Description

When configuring a loopback NAT and running traffic matching this rule, the traffic is dropped as "Policy Drop".

Cause

The traffic is dropped due to a missing or incorrectly configured Access Rule.

Resolution

Configure an access rule to allow traffic from the private Source IPs to the public IP of the destination.

Example:

  • Source zone is the LAN with subnet 192.168.1.0/24
  • The server is in the DMZ zone with private IP 10.1.1.2, reachable through the public IP 1.1.1.1.

The access rule should be created from LAN to DMZ with:

  • Source: 192.168.1.0/24
  • Destination: 1.1.1.1

The access rule is matched before the NAT Policy is applied, so when the traffic arrives at the SonicWall the destination IP is still the public IP, even though the SonicWall already knows the destination zone.
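
The evaluation order described above can be checked with a small model. This is an added example, not SonicWall code: the DMZ /24 subnet, the client 192.168.1.10, the default drop when no rule matches, and the rule written against the private IP are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed model using the article's addresses. The DMZ /24 is an assumption.
ZONES = {"LAN": ip_network("192.168.1.0/24"), "DMZ": ip_network("10.1.1.0/24")}
NAT = {"1.1.1.1": "10.1.1.2"}  # original destination -> translated destination

# Constructed misconfiguration: destination written as the server's private IP.
PRIVATE_DST_RULE = {"from": "LAN", "to": "DMZ",
                    "src": "192.168.1.0/24", "dst": "10.1.1.2/32"}
# Rule from the article: destination is the public IP.
PUBLIC_DST_RULE = {"from": "LAN", "to": "DMZ",
                   "src": "192.168.1.0/24", "dst": "1.1.1.1/32"}


def zone_of(ip):
    """Return the zone whose subnet contains ip (anything else is WAN here)."""
    for name, net in ZONES.items():
        if ip_address(ip) in net:
            return name
    return "WAN"


def evaluate(src, dst, access_rules):
    """Return (verdict, post-NAT destination) for one packet."""
    translated = NAT.get(dst, dst)
    # The destination zone is already known from the translated address...
    src_zone, dst_zone = zone_of(src), zone_of(translated)
    for rule in access_rules:
        if (rule["from"], rule["to"]) != (src_zone, dst_zone):
            continue
        # ...but the rule is compared against the original (public) destination.
        if (ip_address(src) in ip_network(rule["src"])
                and ip_address(dst) in ip_network(rule["dst"])):
            return "allow", translated  # NAT applied only after the rule matches
    return "Policy Drop", None  # assumed default when no rule matches


if __name__ == "__main__":
    for label, rules in (("private dst", [PRIVATE_DST_RULE]),
                         ("public dst", [PUBLIC_DST_RULE])):
        print(label, evaluate("192.168.1.10", "1.1.1.1", rules))
```

In this model the LAN to DMZ rule only matches when its destination is 1.1.1.1, which is why a rule written against 10.1.1.2 still ends in "Policy Drop".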
