Creating a NAT rule for public access in Cloud Secure Edge (CSE)
Description
This article provides step-by-step instructions to create a NAT (Network Address Translation) rule allowing public access to internal resources after enabling Public IP & Increased Connector Limit support for SonicWall Cloud Secure Edge (CSE) in SonicOS.
-kA1VN0000000Rul0AE-0EMVN00000IGrE7.gif)
NOTE: Enabling Public IP & Increased Connector Limit does not automatically create a source NAT to facilitate bidirectional access to Internet resources. You must create a source NAT policy to permit so that return traffic comes back to the Firewalls Public IP.
Step-by-Step Instructions
- Log into the Firewall admin UI
- Navigate to Network|Cloud Secure Edge and enable both Enable Cloud Secure Edge Connectivity and Public IPs & Increased Connector Limit.
- Under Status verify connector status shows as Connected.
- Navigate to NAT Rules
- Go to Policy|Rules and Policies |NAT Rules.
- Click Create New Rule.
- Configure the NAT Rule
Fill out the NAT rule form as follows:
Field
Value / Description
Rule Name
Descriptive name (e.g., PublicAccess_WebServer)
Source Zone
CSE_Access_Tier_AIPs
Destination Zone
Any
Original Source
Any
Inbound Interface
Any
Outbound Interface
Your WAN interface (e.g X1)
Translated Source
Your WAN interface (e.g X1)
Translated Destination
Original
Service
Any
Enable NAT Policy
✅ (Checked)
-kA1VN0000000Rul0AE-0EMVN00000IGrE9.png)
- Save and Apply
- Click Save to create the NAT rule.
- The policy takes effect immediately.
- Repeat for Other WAN interfaces (if applicable).