
Unnecessary NAT rule?

We have a NAT rule in our SW that I question if it's even necessary. In the attached image, Webmail is our internal mail server address and Webmail Public is obvious. My understanding is that SW creates a default NAT rule for all internal subnets when they're created? Why would we need a specific outgoing NAT rule for our email server?


Category: High End Firewalls

Answers

  • TKWITS Cybersecurity Overlord ✭✭✭

    This would be needed if you did NOT want your mail server to use the same public IP address as the one assigned to the firewall's WAN interface. Creating the shown rule forces the mail server's traffic to be translated to the 'WEBMAIL PUBLIC' address object value.

    Read up on NAT.

  • Saravanan Moderator

    Hi @DJHURT1,

    Thank you for visiting SonicWall Community.

    Yes, you are right. When a subnet is configured on the SonicWall interface (physical or virtual - VLAN), the SonicWall automatically creates NAT, access rule and routing, etc., for the interface IP address configured. A specific NAT policy needs to be configured manually on the SonicWall when there is a need for any of our internal resources to use a public IP address other than the one configured on the interface. We call this one-to-one NAT. In your case, please get rid of this NAT policy if the address object "Webmail Public" contains the same IP address as that of the WAN interface; otherwise, the email server uses one-to-one NAT and you should keep the NAT policy as it is.

    Hope this clarifies.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services
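
The check both answers describe, as an added example that is not part of the thread and not SonicWall code: a simplified model in which the first matching policy wins (an assumption), where a policy counts as redundant if removing it changes no host's translated address. All addresses are constructed documentation-range values, and the names `NatPolicy`, `egress_ip`, `is_redundant` and `build_policies` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample value (documentation range), not taken from the thread.
WAN_IP = ipaddress.ip_address("203.0.113.2")


@dataclass(frozen=True)
class NatPolicy:
    name: str
    original_source: ipaddress.IPv4Network    # internal hosts the policy matches
    translated_source: ipaddress.IPv4Address  # public address they leave as


def egress_ip(host, policies):
    """Public IP a host is translated to; first matching policy wins (assumed)."""
    for policy in policies:
        if host in policy.original_source:
            return policy.translated_source
    return None  # no outbound NAT policy matched


def is_redundant(policy, policies):
    """True if removing the policy changes no host's translated address."""
    remaining = [p for p in policies if p is not policy]
    return all(
        egress_ip(host, policies) == egress_ip(host, remaining)
        for host in policy.original_source
    )


def build_policies(webmail_public):
    """Specific mail-server policy placed above the default LAN policy."""
    webmail = NatPolicy("Webmail outbound",
                        ipaddress.ip_network("192.168.10.25/32"),
                        ipaddress.ip_address(webmail_public))
    default = NatPolicy("Default LAN outbound",
                        ipaddress.ip_network("192.168.10.0/24"), WAN_IP)
    return webmail, [webmail, default]


if __name__ == "__main__":
    # Case 1: "Webmail Public" equals the WAN IP. Case 2: a separate public IP.
    for public in ("203.0.113.2", "203.0.113.10"):
        webmail, policies = build_policies(public)
        verdict = "redundant" if is_redundant(webmail, policies) else "needed"
        print(f"Webmail Public={public}: policy is {verdict}")
```
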
