Please anyone with good practices about One-to-many NAT Policies
Hi
I have been searching for a few days about one-to-many NAT policies, but I haven't found much.
My scenario is the following: we have two web servers that respond for a VIP, so my firewall will have to do LB between them.
I have been searching through a lot of documentation and haven't found anything precise.
Just for information, my firewall is running firmware version 6.5.4.7.
Best Answer
preston All-Knowing Sage ✭✭✭✭
You need to make sure that you are using a group with more than one address object in it for the translated destination, otherwise the option is greyed out. Basically, instead of using the Virtual IP, use both of the real IP addresses: add them as objects and then put them in an address object group.
So the public address (original destination) translates to the translated destination (address object group); then choose the load balancing method. Make sure that the probes are set to use a valid TCP port that the servers are listening on, in the Network monitor section, after the NAT policy is added.
Also, in the firewall rule the destination is the public IP address.
1
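A pre-flight check for the probe setting mentioned in the answer above, as an added example that is not part of the original post or of SonicWall's tooling: it attempts a TCP handshake to each real server on the intended probe port. The server addresses, the port and the function names are constructed assumptions; replace them with the members of your own address object group.

```python
import socket

# Constructed sample values (assumptions): the two real web servers that make
# up the address object group, and the TCP port the probe will be pointed at.
REAL_SERVERS = ["192.168.10.11", "192.168.10.12"]
PROBE_PORT = 80


def tcp_probe(host, port, timeout=2.0):
    """True if a full TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, resolution failed
        return False


def check_group(members, port, timeout=2.0):
    """Probe every group member on the same port; returns {host: bool}."""
    return {host: tcp_probe(host, port, timeout) for host in members}


def not_listening(results):
    """Members that did not answer, sorted for stable reporting."""
    return sorted(host for host, ok in results.items() if not ok)


if __name__ == "__main__":
    results = check_group(REAL_SERVERS, PROBE_PORT)
    for host, ok in results.items():
        print(f"{host}:{PROBE_PORT} {'listening' if ok else 'NO ANSWER'}")
    down = not_listening(results)
    if down:
        raise SystemExit(f"fix before enabling probing: {', '.join(down)}")
```

Run it from a host on the same network segment as the servers, so that the result reflects what a device on that segment would see.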
Answers
no one to many, use a front end LB behind FW
looks like you need NAT load balancing, see articles below
https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-rules_and_policies/Content/nat-rules-nat-policies-create-examples-nat-load-balancing-two-web-servers.htm
https://www.sonicwall.com/support/knowledge-base/how-does-sticky-ip-and-round-robin-nat-load-balancing-nlb-work/170505557055352
Hi, thank you for the links, I have a better idea of what to do now.
So in my NAT policies, when I create one and try to change the NAT Method, this option is closed, as follows below;
and I can't see the NAT method options for tests on my homolog servers. Is there a reason for that?