Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

View NAT sessions table

IS there a way to view NAT sessions on a sonicwall. I need to confirm outbound traffic from a specific source is translated and to what ip address. There are many rules configured and it's not easy to identify with the naked eye. PLease advise. THank you

Category: Mid Range Firewalls


  • TKWITSTKWITS Community Legend ✭✭✭✭✭
  • HMCHMC Newbie ✭

    Thanks although I'm seeing the connection flow with the source and destination ip addresses I'm still not seeing the translated ip address in the connections log.

  • MustafaAMustafaA SonicWall Employee

    @HMC I'd suggest to utilize Packet Monitor, and capture the traffic flow based on the destination IP address only which will give you the original source IP and the translated source IP addresses.

  • HMCHMC Newbie ✭

    I only see source and destination ip address in packet monitor. The destination ip is the final destination ip. I don't see the local source Natted ip address.

  • MustafaAMustafaA SonicWall Employee

    @HMC, here is an example. The asterisk on the ingress and egress interfaces indicates where the packet was captured. Moreover you can see that the IP address of the host computer is translated to the IP address of X1 WAN interface which is and the packet leaves the firewall on X1.

  • HMCHMC Newbie ✭
    edited May 2023

    The GUI looks very similar (ver 6.5xx) however for destination I see only the real or original destination ip address. I can't see the translated ip address so I can identify the NAT rule that it hits.

    On a cisco device you would see something like this

    original_source <> translated_source ---- original_destination <> translated_destination

    With sonicwall I'm only seeing a source and destination ip address. I'm only seeing the original and not the Natted ip addresses.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    edited May 2023

    The destination isn't going to be translated right, only the source?

    If you do a packet monitor and filter on the source IP of a thing and want to know what IP the source is being NATed from then you won't see it because you filtered on the known source IP of the thing. The post-NAT packets appear as duplicated packets with a different source IP [per MUSTAFAA's screenshot].

    Try it another way and you will see what I mean - filter on a specific destination IP, generate some traffic to that destination IP and then look at the capture and observe the duplicated packets.

    Or if you think you know what the source IP might be, filter on the private IP + the list of potential post-NAT source IPs.

Sign In or Register to comment.