• Address-to-Address Translation—local addresses are matched to public IP addresses. For example, the private IP address 10.50.42.112 might be mapped to the public IP address 132.22.3.2.
• Port Translation or Network Address Port Translation (NAPT)—local addresses are dynamically matched to public IP address/port combinations (standard TCP ports). For example, the private IP address 192.168.102.12 might be mapped to the public IP address 48.12.11.1 using port 2302.
IPv6 address objects display in the Original Source, Original Destination, Translated Source, and Translated Destination columns of the NAT Policies table. To add a NAT Policy, click the Add NAT Policy link. To edit an existing policy, click the Configure icon for the policy you want to edit. The procedures for adding and editing NAT policies are the same for IPv6 as for IPv4.
• One-to-One Mapping—one local IP address is mapped to one public IP address using Address-to-Address translation.
• Many-to-One Mapping—many local IP addresses are mapped to a single public IP address using NAPT.
• Many-to-Many Mapping—many local IP addresses are mapped to many public IP addresses. If the number of public IP addresses is greater than or equal to the number of local IP addresses, the SonicWALL appliance uses Address-to-Address translation. If the number of public IP addresses is less than the number of local IP addresses, the SonicWALL appliance uses NAPT. For example, if there are 10 private IP addresses and 5 public IP addresses, two private IP addresses will be assigned to each public IP address using NAPT.
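The many-to-many rule above, worked through as an added Python example (not SonicWALL code). `expand`, `plan_translation` and `hosts_per_public` are hypothetical names, the address ranges are constructed from the sample addresses on this page, and the order in which hosts and ports are dealt out under NAPT is an assumption, since the page only states the resulting ratio.

```python
import ipaddress
from collections import Counter

def expand(first, count):
    """Return `count` consecutive IPv4 addresses starting at `first` (constructed ranges)."""
    base = ipaddress.IPv4Address(first)
    return [base + i for i in range(count)]

def plan_translation(private, public, first_port=1024):
    """Choose the translation type from the sizes of the two address pools.

    Returns (mode, table); table maps each private address to a
    (public address, port) pair, with port None for Address-to-Address.
    """
    if not private or not public:
        raise ValueError("both address lists must be non-empty")
    if len(public) >= len(private):
        # Enough public addresses: every private host gets one of its own.
        return "address-to-address", {p: (public[i], None) for i, p in enumerate(private)}
    # Fewer public addresses: hosts share them and a port tells them apart (NAPT).
    # Assumption: hosts are dealt out in order and one port per host counts up
    # from first_port; a real translator allocates a port per connection.
    table, used = {}, Counter()
    for i, p in enumerate(private):
        pub = public[i % len(public)]
        table[p] = (pub, first_port + used[pub])
        used[pub] += 1
    return "napt", table

def hosts_per_public(table):
    """Count how many private hosts share each public address."""
    return Counter(pub for pub, _ in table.values())

if __name__ == "__main__":
    mode, table = plan_translation(expand("10.50.42.112", 10), expand("132.22.3.2", 5))
    print(mode, dict(hosts_per_public(table)))
```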
• Original Source—used to remap IP addresses based on the source address, this field specifies an Address Object that can consist of an IP address or IP address range.
• Translated Source—specifies the IP address or IP address range to which the original source will be mapped.
• Original Destination—used to remap IP addresses based on the destination address, this field specifies an Address Object that can consist of an IP address or IP address range.
• Translated Destination—specifies the IP address or IP address range to which the original destination will be mapped.
• Original Service—used to filter destination addresses by service, this field specifies a Service Object that can be a single service or group of services.
• Translated Service—specifies the service or port to which the original service is remapped.
• Source Interface—filters source addresses by interface.
• Destination Interface—filters destination addresses by interface.
To configure one-to-one mapping from the private network to the public network, select the Address Object that corresponds to the private network IP address in the Original Source field and the public IP address that is used to reach the Internet in the Translated Source field. Leave the other fields alone, unless you want to filter by service or interface.
To configure one-to-one mapping from the public network to the private network, select the Address Object that corresponds to the public network IP address in the Original Destination field and the private IP address that is used to reach the server in the Translated Destination field. Leave the other fields alone, unless you want to filter by service or interface.
To configure many-to-one mapping from the private network to the public network, select the Address Object that corresponds to the private network IP addresses in the Original Source field and the public IP address that is used to reach the Internet in the Translated Source field. Leave the other fields alone, unless you want to filter by service or interface.
To configure many-to-many mapping from the private network to the public network, select the Address Object that corresponds to the private network IP addresses in the Original Source field and the public IP addresses to which they are mapped in the Translated Source field. Leave the other fields alone, unless you want to filter by service or interface.
To configure many-to-many mapping from the public network to the private network, select the Address Object that corresponds to the public network IP addresses in the Original Destination field and the IP addresses on the private network in the Translated Destination field. Leave the other fields alone, unless you want to filter by service or interface.
• Sticky IP—Source IP always connects to the same Destination IP (assuming it is alive). This method is best for publicly hosted sites requiring connection persistence, such as Web applications, Web forms, or shopping cart applications. This is the default mechanism, and is recommended for most deployments.
• Round Robin—Source IP cycles through each live load-balanced resource for each connection. This method is best for equal load distribution when persistence is not required.
• Block Remap/Symmetrical Remap—These two methods are useful when you know the source IP addresses/networks (for example, when you want to precisely control how traffic from one subnet is translated to another).
• Random Distribution—Source IP connects to Destination IP randomly. This method is useful when you wish to randomly spread traffic across internal resources.
For more information about NAT Load Balancing, see the SonicOS Enhanced 4.0 Administrator’s Guide.
1
2
• Original Source—used to remap IP addresses based on the source address, this field specifies an Address Object that can consist of an IP address or IP address range.
• Translated Source—specifies the IP address or IP address range to which the original source will be mapped.
• Original Destination—used to remap IP addresses based on the destination address, this field specifies an Address Object that can consist of an IP address or IP address range.
• Translated Destination—specifies the IP address or IP address range to which the original destination will be mapped.
• Original Service—used to filter source addresses by service, this field specifies a Service Object that can be a single service or group of services.
• Translated Service—used to filter destination addresses by service, this field specifies a Service Object that can be a single service or group of services.
• Source Interface—filters source addresses by interface.
• Destination Interface—filters destination addresses by interface.
4 To enable the NAT policy, select Enable.
5 Add any comments to the Comments field.
6
7 Select the NAT method from the NAT Method pull-down list. For information on the available methods, see NAT Load Balancing Methods.
8 Optionally select Enable Probing and make desired changes to the following fields:
• Probe host every ... seconds—indicates how often to probe the addresses in the load-balancing group
• Probe Type—specifies to use either Ping (ICMP) or TCP (checks that a socket is opened) for probing
• Port—specifies the port that the probe uses, such as TCP port 80 for a Web server
• Reply time out—specifies the number of seconds to wait for a reply to the probe
• Deactivate host after ... missed intervals—specifies the number of reply time outs before deciding that the host is unreachable
• Reactivate host after ... successful intervals—specifies the number of replies received before deciding that the host is available for load balancing again
9 When you are finished, click Update. The policy is added and you are returned to the NAT Policies screen.
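How the probing thresholds interact with the Sticky IP and Round Robin methods, as an added Python model (not SonicWALL code). `tcp_probe` and `LoadBalancedGroup` are hypothetical names, the default thresholds are constructed values, and counting only consecutive intervals is an assumption the page does not state.

```python
import socket

def tcp_probe(host, port, reply_timeout):
    """TCP probe type: success means a socket to host:port could be opened."""
    try:
        with socket.create_connection((host, port), timeout=reply_timeout):
            return True
    except OSError:
        return False

class LoadBalancedGroup:
    """Tracks which translated destinations are live and picks one per connection."""

    def __init__(self, hosts, deactivate_after=3, reactivate_after=3):
        self.hosts = list(hosts)
        self.deactivate_after = deactivate_after  # missed intervals before removal
        self.reactivate_after = reactivate_after  # successful intervals before return
        self.alive = {h: True for h in self.hosts}
        self.streak = {h: 0 for h in self.hosts}  # results contradicting current state
        self.sticky = {}                          # source IP -> chosen destination
        self.rr = 0

    def record_probe(self, host, replied):
        """Feed one probe interval's result; return the host's state afterwards."""
        if replied == self.alive[host]:
            self.streak[host] = 0                 # assumption: intervals must be consecutive
            return self.alive[host]
        self.streak[host] += 1
        limit = self.reactivate_after if replied else self.deactivate_after
        if self.streak[host] >= limit:
            self.alive[host], self.streak[host] = replied, 0
        return self.alive[host]

    def pick_round_robin(self):
        """Round Robin: cycle through the live resources, one per connection."""
        live = [h for h in self.hosts if self.alive[h]]
        if not live:
            return None
        self.rr += 1
        return live[(self.rr - 1) % len(live)]

    def pick_sticky(self, source_ip):
        """Sticky IP: reuse the source's destination while it is alive."""
        host = self.sticky.get(source_ip)
        if host is None or not self.alive[host]:
            host = self.pick_round_robin()
            if host is not None:
                self.sticky[source_ip] = host
        return host
```

Feeding `record_probe` the result of `tcp_probe` once per probe interval reproduces the behaviour the fields describe: a single missed reply does not remove a host, and a host that comes back is not trusted until it has answered the configured number of intervals.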