Enable public access on SonicWall NSv in Azure

In cloud deployments using SonicWall NSv firewalls, a common requirement is to allow public access to internal servers (such as web or FTP servers) hosted inside the Azure Virtual Network (VNet). This setup involves configuring NAT policies on SonicWall NSv and ensuring IP forwarding is enabled both on the firewall and the Azure Network Interface (NIC). This article walks you through the necessary steps with screenshots.

• You have a SonicWall NSv deployed in Azure, protecting internal virtual machines.

• You want to allow external users to access a public server (e.g., Web Server) hosted behind the NSv firewall.

• You also need to enable IP forwarding in Azure for traffic to flow properly between Azure NIC and the SonicWall VM.

1. Enable IP Forwarding on the Azure Network Interface

To ensure Azure allows the SonicWall NSv to route traffic, you must enable IP forwarding on the NIC associated with the NSv VM.

Navigate to Azure Portal | Network Interfaces | Your NSv NIC | IP configurations, and enable IP Forwarding.
Toggle the IP Forwarding setting to "Enabled", then save the configuration.

2. Create Address Object for the Public Server

Access the SonicWall NSv, navigate to:

• Network | Address Objects

• Click Add

• Create an object representing the internal private IP of your public server.

3. Create NAT Policy

You need a NAT policy that translates the public IP (Azure Load Balancer IP or NSv WAN IP) to the internal server IP. Navigate to:

• Policy | NAT Policy

• Click wizard 

• click on public server guide
  
  
  
  
  

Example for the NAT Policy:

• Original Source: Any

• Translated Source: Original

• Original Destination: Public IP (e.g., Azure Load Balancer IP)

• Translated Destination: Web-Server (Address object created earlier)

• Original Service: HTTP (or custom as per need)

• Translated Service: Original

• Inbound Interface: X1 (WAN)

• Outbound Interface: X0 (LAN).