How do I present to the Internet an internal IP with another Public IP from the WAN subnet?

03/26/2020 180 People found this article helpful 42,587 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

This article describes how to present to the Internet an internal IP Host, Range or Subnet with a different Public IP from the ISP Pool than the SonicWall Interface WAN IP.

CAUTION: The IP must be part of the WAN subnet and assigned to you by your ISP if you're going to the internet.

Manually presenting to the Internet an internal IP Host, Range or Subnet with a different Public IP from the ISP Pool than the SonicWall Interface WAN IP involves the following steps:

1. Creating the necessary Address Objects
2. Creating the appropriate NAT Policy for Outbound
3. Check the Access Rule LAN to WAN is in place

Resolution

 Step 1: Creating the necessary Address Objects

1. Log into the SonicWall GUI.
2. Click Network | Address Objects.
3. Click the Add a new Address Object button and create two Address Objects for the Server's Public IP and the Server's Private IP.
4. Click OK to add the Address Object to the SonicWall's Address Object Table.

Step 2: Creating the appropriate NAT Policy for Outbound

A NAT Policy will allow SonicOS to translate incoming Packets destined for a Public IP Address to a Private IP Address, and/or a specific Port to another specific Port. Every Packet contains information about the Source and Destination IP Addresses and Ports and with a NAT Policy SonicOS can examine Packets and rewrite those Addresses and Ports for incoming and outgoing traffic.

1. Click Network | NAT Policies.
2. Click the Add a new NAT Policy button and a pop-up window will appear.
3. Click Add to add the NAT Policy to the SonicWall NAT Policy Table.

NOTE: When creating a NAT Policy you may select the "Create a reflexive policy" checkbox. This will create an inverse Policy automatically, in case you need the internal device to be accessed from the outside as well. This option is not available when configuring an existing NAT Policy, only when creating a new Policy.
For more info, please use the following KB: [[How to Enable Port Forwarding and Allow Access to a Server Through the SonicWall|170503477349850]]

• Original Source: Private IP Address Object
• Translated Source: Public IP Address Object
• Original Destination: Any
• Translated Destination: Original
• Original Service: Any
• Translated Service: Original
• Inbound Interface: The LAN interface, (Select Any if the devices are located in many interfaces)
• Outbound Interface: The WAN interface. (Select Any when using multiple WAN interfaces)
• Enable NAT Policy: Checked
• Create a reflexive policy: Unchecked

Step 3. Check the Access Rule LAN to WAN is allowing the NAT Policy to work

In order to work, please ensure that the LAN to WAN Access Rule is in place to allow the Private IPs to reach the WAN.

Verification
Go to any "What's my IP" website from the internal device you want to test and it will now be identified by the Public IP chosen.

Related Articles

• How to force an update of the Security Services Signatures from the Firewall GUI
• How to upload security services signatures manually on Closed Environments?
• How to Create Gen 7 Settings File by Using the Online Migration Tool

Categories

• Firewalls > NSa Series > Networking
• Firewalls > SonicWall NSA Series > Networking
• Firewalls > TZ Series > Networking