Source MAC address override: how to on TZ670
The SonicOS 7 Rules and Policies manual states:
------------------------------------------------------------------------------------------------------------------
About Source MAC Address Override
An internal option has been added that allows you to replace the source MAC address of an outbound or port-forwarded packet with the MAC address specified in a NAT policy. By default, without this option, the MAC address of the output interface is used as the source MAC address of the packet.
This feature is also disabled by default, but can be enabled using an internal setting. Contact SonicWall Technical Support for information about internal settings.
------------------------------------------------------------------------------------------------------------------
How can I enable this internal feature?
One of our customers wants to see the MAC address of the NATted device behind the TZ (LAN side) when checking the NATted IP address (WAN side).
Thank you.
Best Answers
BWC Cybersecurity Overlord ✭✭✭
@BasM did you enable the option "Enable NAT option to override MAC address" in your internal settings?
https://<yourappliance>:<mgmgport>/sonicui/7/m/diag
I never used that option, but publishing the MAC address of an internal device to the WAN port sounds strange to me. Wouldn't that require that the firewall is accepting traffic for this MAC on WAN, and how does this not mess up things with ARP on LAN, etc.?
--Michael@BWC
BasM Newbie ✭
Hi Michael,
Thanks for your reply.
I think you have a valid point... probably better to use Static ARP entries to publish the MAC addresses of the NATted devices on the WAN side.
Thanks again,
Bas