• SonicOS 7 Rules and Policies
• Access Rules
  • Setting Firewall Access Rules
    • About Stateful Packet Inspection Default Access Rules
    • About Connection Limiting
    • Using Bandwidth Management with Access Rules
      • Enabling Bandwidth Management on an Access Rule
    • Configuring Access Rules
      • Configuring Access Rules for IPv6
      • Configuring Access Rules for NAT64
      • Access Rules for DNS Proxy
      • User Priority for Access Rules
      • Displaying Access Rules
        • By Zones
        • By Column
      • Configuring Access Rules for a Zone
    • Enabling and Disabling Access Rules
    • Editing Access Rules
    • Deleting Access Rules
    • Restoring Access Rules to Default Settings
    • Displaying Access Rule Traffic Statistics
  • Access Rule Configuration Examples
    • Enabling Ping
    • Blocking LAN Access for Specific Services
    • Allowing WAN Primary IP Access from the LAN Zone
• NAT Rules
  • About NAT in SonicOS
  • About NAT Load Balancing
    • Determining the NAT LB Method to Use
    • Caveats
    • How Load Balancing Algorithms are Applied
    • Sticky IP Algorithm Examples
      • Example One - Mapping to a Network
      • Example Two - Mapping to an IP Address Range
  • About NAT64
    • Use of Pref64::/n
  • About FQDN-based NAT
  • About Source MAC Address Override
  • Viewing NAT Policy Entries
    • Changing the Display
    • Filtering the Display
    • Displaying Information about Policies
  • Adding or Editing NAT or NAT64 Policies
  • Deleting NAT Policies
  • Creating NAT Rule Policies: Examples
    • Creating a One-to-One NAT Policy for Inbound Traffic
    • Creating a One-to-One NAT Policy for Outbound Traffic
    • Inbound Port Address Translation via One-to-One NAT Policy
    • Inbound Port Address Translation via WAN IP Address
    • Creating a Many-to-One NAT Policy
    • Creating a Many-to-Many NAT Policy
    • Creating a One-to-Many NAT Load Balancing Policy
    • Creating a NAT Load Balancing Policy for Two Web Servers
    • Creating a WAN-to-WAN Access Rule for a NAT64 Policy
    • DNS Doctoring
• Routing Rules
  • About Routing
    • About Metrics and Administrative Distance
      • About Metrics
      • About Administrative Distance
    • Route Advertisement
    • ECMP Routing
    • Policy-based Routing
    • Policy-based TOS Routing
    • PBR Metric-based Priority
    • Policy-based Routing and IPv6
    • OSPF and RIP Advanced Routing Services
      • About Routing Services
        • Protocol Type
        • Maximum Hops
        • Split-Horizon
        • Poison Reverse
        • Routing Table Updates
        • Subnet Sizes Supported
        • Autonomous System Topologies
      • OSPF Terms
    • Drop Tunnel Interface
    • App-based Routing
  • Rules and Policies > Routing Rules
    • Configuring Routing Rules
      • Adding Static Routes
      • Probe-Enabled Policy-based Routing Configuration
• Content Filter Rules
  • About Content Filtering Rules (CFS)
    • About Content Filter Rules
    • About UUIDs for CFS Policies
    • About Content Filter Objects
    • How CFS Works
  • Configuring CFS Policies
    • About the Content Filter Rule Table
      • Searching the Content Filter Rule Table
    • Adding a Content Filter Rule
    • Editing a Content Filter Rule
    • Deleting Content Filter Rules
• App Rules
  • About App Rules
    • What are App Rules?
      • About App Rules Policies
      • About App Rules Capabilities
    • Benefits of App Rules
    • How Does Application Control Work?
    • About App Rules Policy Creation
    • Licensing App Rules and App Control
    • Terminology
  • Rules and Policies > App Rules
    • Configuring an App Rules Policy
    • Using the App Rule Wizard
  • Verifying App Rules Configuration
    • Useful Tools
      • Wireshark
      • Hex Editor
  • App Rules Use Cases
    • Creating a Regular Expression in a Match Object
    • Policy-based Application Rules
    • Logging Application Signature-based Policies
    • Compliance Enforcement
    • Server Protection
    • Hosted Email Environments
    • Email Control
    • Web Browser Control
    • HTTP Post Control
    • Forbidden File Type Control
    • ActiveX Control
    • FTP Control
      • Blocking Outbound Proprietary Files Over FTP
      • Blocking Outbound UTF-8 / UTF-16 Encoded Files
      • Blocking FTP Commands
    • Bandwidth Management
    • Bypass DPI
    • Custom Signature
    • Reverse Shell Exploit Prevention
      • Generating the Network Activity
      • Capturing and Exporting the Payload to a Text File Using Wireshark
      • Creating a Match Object
      • Defining the Policy
• Endpoint Rules
• SonicWall Support
  • About This Document

Creating a One-to-Many NAT Load Balancing Policy

One-to-many NAT policies can be used to persistently load balance the translated destination using the original source IP address as the key to persistence. For example, firewalls can load balance multiple SonicWall appliances, while still maintaining session persistence by always balancing clients to the correct destination appliance.

This NAT Rules policy is combined with an Allow access rule.

To configure a one-to-many load balancing policy and access rule

1. Navigate to the POLICY | Rules and Policies > Access Rules page.

   

2. Click +Add to display the Adding Rule dialog.

   

3. Enter the values shown in the Option Choices: One-to-Many Access Rule table.

   Option Choices: One-to-Many Access Rule

   Option	Value
   Action	Allow
   From	WAN
   To	LAN
   Source Port	Select a port; the default is Any If Source Port is configured, the access rule filters the traffic based on the source port defined in the selected service object/group. The service object/group selected must have the same protocol types as the ones selected in Service.
   Service	HTTPS
   Source	Any
   Destination	WAN Primary IP
   Users Included	All
   Users Excluded	None (default)
   Schedule	Always on
   Comment	Descriptive text, such as SMA LB
   Enable logging	Selected
   Allow Fragmented Packets	Selected
   All other options	Unselected

4. Click Add. The rule is added.

5. Navigate to the POLICY | Rules and Policies > NAT Rules page.

6. Click +Add at the bottom of the page. The Adding NAT Rule dialog displays.

   

7. To create a NAT policy to allow the web server to initiate traffic to the public Internet using its mapped public IP address, choose the options shown in the Option Choices: One-to-Many NAT Load Balancing Policy Example table.

   Option Choices: One-to-Many NAT Load Balancing Policy Example

   Option	Value
   Original Source	Any
   Translated Source	Original
   Original Destination	WAN Primary IP
   Translated Destination	Select Edit | +New Address Object to display the Adding Address Object dialog. Use the options shown in Option Choices: Add Address Object Dialog. Option Choices: Add Address Object Dialog Option Value Name A descriptive name, such as MySMA Zone assignment LAN Type Host IP Address The IP addresses for the devices to be load balanced (in the topology for these examples, this is 192.168.200.10, 192.168.200.20, and 192.168.200.30.)
   Original Service	HTTPS
   Translated Service	HTTPS
   Inbound Interface	Any
   Outbound Interface	Any
   Comment	Descriptive text, such as SMA LB
   Enable NAT Policy	Selected
   Create a reflexive policy	Not selected

8. When done, click Add to add the NAT Rules policy.

For a more specific example of a one-to-many NAT load balancing policy, see Configuring NAT Load Balancing for Two Web Servers.