Creating a Many-to-Many NAT Policy

The Many-to-Many NAT policy allows you to translate a group of addresses into a group of different addresses. This lets the SonicWall security appliance use several addresses to perform the dynamic translation, which allows a much higher number of concurrent connections: the appliance can perform up to a half-million concurrent connections across the interfaces.

This policy is easy to set up and activate. First, go to Network > Address Objects and click the Add button at the bottom of the screen. When the Add Address Object window appears, enter a description for the range in the Name field, choose Range from the drop-down menu, enter the range of addresses (usually public IP addresses supplied by your ISP) in the Starting IP Address and Ending IP Address fields, and select WAN as the zone from the Zone Assignment menu. When done, click the OK button to create the range object.

Select Network > NAT Policies and click on the Add button. The Add NAT Policy dialog displays. To create a NAT policy to allow the systems on the LAN interface (by default, the X0 interface) to initiate traffic using the public range addresses, choose the following from the drop-down menus:

Original Source—LAN Primary Subnet
Translated Source—public_range
Comment—Enter a short description

When done, click on the OK button to add and activate the NAT Policy. With this policy in place, the SonicWall security appliance dynamically maps outgoing traffic using the four available IP addresses in the range we created.

You can test the dynamic mapping by installing several systems on the LAN interface (by default, the X0 interface) at a spread-out range of addresses (for example, 192.168.10.10, 192.168.10.100, and 192.168.10.200) and accessing the public Website http://www.whatismyip.com from each system. Each system should display a different IP address from the range we created and attached to the NAT policy.
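The test above can be scripted once each LAN system has recorded the address the lookup site showed it. The following is an added example, not SonicWall code: the function names are hypothetical, and the range 203.0.113.10 to 203.0.113.13 and the observed addresses are constructed sample values standing in for your own public range.

```python
import ipaddress

def in_range(addr, start, end):
    """True if addr lies inside the inclusive start..end Range address object."""
    a, lo, hi = (ipaddress.ip_address(x) for x in (addr, start, end))
    if lo.version != hi.version or lo > hi:
        raise ValueError("invalid range: check Starting/Ending IP Address")
    return a.version == lo.version and lo <= a <= hi

def check_egress(observed, start, end):
    """observed maps each LAN host to the public address it saw for itself."""
    # Hosts whose egress address is outside the range were not translated
    # by the many-to-many policy (some other NAT policy handled them).
    outside = {h: p for h, p in observed.items() if not in_range(p, start, end)}
    used = sorted({p for h, p in observed.items() if h not in outside},
                  key=ipaddress.ip_address)
    size = int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1
    return {
        "range_size": size,
        "outside_range": outside,
        "addresses_used": used,
        # The page's expectation: every host shows a different in-range address.
        "as_expected": not outside and len(used) == min(len(observed), size),
    }

# Constructed sample data: a four-address range and the three LAN hosts
# from the test description.
RANGE = ("203.0.113.10", "203.0.113.13")
GOOD = {"192.168.10.10": "203.0.113.10",
        "192.168.10.100": "203.0.113.12",
        "192.168.10.200": "203.0.113.13"}
BAD = {"192.168.10.10": "203.0.113.10",
       "192.168.10.100": "203.0.113.10",   # same address as the first host
       "192.168.10.200": "203.0.113.1"}    # outside the range

if __name__ == "__main__":
    for name, obs in (("good", GOOD), ("bad", BAD)):
        print(name, check_egress(obs, *RANGE))
```

A host listed under `outside_range` is leaving through an address the policy does not own, which is worth resolving before relying on the range for logging or upstream allow-lists.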