View NAT sessions table
HMC Newbie ✭
Is there a way to view NAT sessions on a SonicWall? I need to confirm outbound traffic from a specific source is translated and to what IP address. There are many rules configured and it's not easy to identify with the naked eye. Please advise. Thank you.
Category: Mid Range Firewalls
Not strictly a NAT table, but the Connections monitor should help you.
Thanks, although I'm seeing the connection flow with the source and destination IP addresses, I'm still not seeing the translated IP address in the connections log.
@HMC I'd suggest utilizing Packet Monitor and capturing the traffic flow based on the destination IP address only, which will give you the original source IP and the translated source IP addresses.
I only see source and destination IP address in Packet Monitor. The destination IP is the final destination IP. I don't see the local source NATed IP address.
@HMC, here is an example. The asterisk on the ingress and egress interfaces indicates where the packet was captured. Moreover, you can see that the IP address 192.168.168.100 of the host computer is translated to the IP address of the X1 WAN interface, which is 10.61.12.145, and the packet leaves the firewall on X1.
The GUI looks very similar (ver 6.5xx); however, for destination I see only the real or original destination IP address. I can't see the translated IP address so I can identify the NAT rule that it hits.
On a Cisco device you would see something like this:
original_source <> translated_source ---- original_destination <> translated_destination
With SonicWall I'm only seeing a source and destination IP address. I'm only seeing the original and not the NATed IP addresses.
The destination isn't going to be translated, right, only the source?
If you do a packet monitor and filter on the source IP of a thing and want to know what IP the source is being NATed from then you won't see it because you filtered on the known source IP of the thing. The post-NAT packets appear as duplicated packets with a different source IP [per MUSTAFAA's screenshot].
Try it another way and you will see what I mean - filter on a specific destination IP, generate some traffic to that destination IP and then look at the capture and observe the duplicated packets.
Or if you think you know what the source IP might be, filter on the private IP + the list of potential post-NAT source IPs.
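The pairing described in the last reply can be automated once a destination-filtered capture is exported. The sketch below is an added example, not part of the thread and not SonicWall tooling: the row fields are hypothetical, the sample rows are constructed (only 192.168.168.100 and 10.61.12.145 come from the thread), and it assumes the firewall leaves the IP identification field unchanged so both copies of a packet can be matched.

```python
from collections import defaultdict

# Constructed rows, as if parsed from a capture filtered on destination only.
# Field names are hypothetical, not a SonicWall export format.
CAPTURE = [
    {"src": "192.168.168.100", "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 4101},
    {"src": "10.61.12.145",    "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 4101},
    {"src": "192.168.168.101", "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 977},
    {"src": "10.61.12.146",    "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 977},
    {"src": "192.168.168.100", "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 4102},
    {"src": "10.61.12.145",    "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 4102},
    # Only one copy captured: no egress packet, so no translation can be inferred.
    {"src": "192.168.168.102", "dst": "203.0.113.10", "dport": 443, "proto": "tcp", "ip_id": 15},
]


def infer_source_nat(rows):
    """Return ({original_src: {translated_src, ...}}, {sources with no pair}).

    Rows sharing (proto, dst, dport, ip_id) are treated as one packet seen
    before and after NAT; the first copy in capture order is the pre-NAT one.
    """
    groups = defaultdict(list)
    for row in rows:
        key = (row["proto"], row["dst"], row["dport"], row["ip_id"])
        groups[key].append(row["src"])

    mapping = defaultdict(set)
    unpaired = set()
    for srcs in groups.values():
        distinct = list(dict.fromkeys(srcs))  # keep capture order, drop repeats
        if len(distinct) >= 2:
            mapping[distinct[0]].update(distinct[1:])
        else:
            unpaired.add(distinct[0])
    # A source that paired on any packet is not reported as unpaired.
    return dict(mapping), unpaired - set(mapping)


if __name__ == "__main__":
    nat, unpaired = infer_source_nat(CAPTURE)
    for original, translated in sorted(nat.items()):
        print(f"{original} -> {', '.join(sorted(translated))}")
    print("no post-NAT copy seen for:", sorted(unpaired))
```

An original source that maps to more than one translated address, or a source left unpaired, is the case worth checking against the NAT policy list by hand.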