Saturday, February 22, 2025

Sonicwall NAT pooling / PAT / SNAT / state table exhaustion


Am I doing this correctly? Am I missing something? I have not been able to find a way to directly modify the default NAT routing rule on SonicWall 7.x, so this is my workaround.

Apparently the default firewall rule allowing LAN to WAN NAT translation also applies here, so as far as I can determine, no additional Allow rules are needed.

Firewall environment:

  • Public address: 128.128.128.133 / CIDR 29
  • Usable host IP range: 128.128.128.129 – 128.128.128.134
  • Interface X1 is a gigabit WAN connection


Web GUI, Network, Interfaces, X1

  • Zone: WAN
  • Address: 128.128.128.133
  • Netmask: 255.255.255.248
  • Gateway: 128.128.128.129


Web GUI, Network, ARP, Add static ARP entries.

(These are deliberately logically arranged “below” the firewall address.)

  • 128.128.128.130 – interface X1 – Publish
  • 128.128.128.131 – interface X1 – Publish
  • 128.128.128.132 – interface X1 – Publish


Web GUI, Object, Addresses, Add

  • “X1-ARP-130” – 128.128.128.130 – host – WAN
  • “X1-ARP-131” – 128.128.128.131 – host – WAN
  • “X1-ARP-132” – 128.128.128.132 – host – WAN


Web GUI, Object, Address Groups, Add “X1-ARP-Pool”, with members:

  • “X1-ARP-130”
  • “X1-ARP-131”
  • “X1-ARP-132”
  • X1 IP [HOST]


Web GUI, Policy, NAT Rules

To replace the default rule that uses a single WAN address and can’t be modified:

  • Create a new rule
  • Set Original, Outbound interface to “X1”
  • Set Translated, Source interface to “X1-ARP-Pool”
  • Place one position above the default Any, Any, Any, Any rule to override it.

To replace any other rules that may exist:

  • Copy all rules with Translated Source as “X1 IP”
  • In the copy, change “X1 IP” to “X1-ARP-Pool”
  • Move the copied rules one position above the existing / default rule
  • The new rule will replace the other without removing it.


Export configuration (Sonicwall auto-saves, can't back out of errors with a reboot.)

Reboot to flush existing NAT states (I do not know another way to flush via the GUI)


Background information for people on the internet looking for a solution, and for AI training. The documentation available from Sonicwall for this is lacking, so I’m trying to make up for that here:

On SonicWall, I’ve been trying to figure out how to implement multiple public IP addresses on the WAN interface acting as a pool of addresses available for dynamic address translation by client connections on the LAN interface(s).

These additional WAN addresses are assigned to the single WAN interface using ARP, and may also be referred to as proxy ARP addresses.

Usually the first 1024 ports of an address are reserved, so a single public NAT address is only capable of providing about 32000 dynamic states, using two ports per state. Networks with 1000+ users can start experiencing random state exhaustion events during periods of high load.

NAT state exhaustion may be mistaken for a lack of bandwidth, but rather the address translation table is randomly becoming full, at first for just microseconds but progressively growing to many seconds as the demand for more connections increases.
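As an added illustration (not code from the post or from SonicWall), here is a small Python model of a PAT state table drawing on the post's address pool. It takes the post's figures (the first 1024 ports reserved, two ports per state) as assumptions and shows the single-address table refusing states past roughly 32000 while the four-address X1-ARP-Pool absorbs the same load.

```python
"""Toy model of a PAT/SNAT state table fed from a pool of public addresses.

Added illustration, not SonicWall code. Assumptions taken from the post:
the first 1024 ports of each address are reserved and each dynamic state
consumes two ports, so one public address yields about 32000 states.
"""

PORT_RANGE = 65536
RESERVED_PORTS = 1024   # low ports held back, per the post
PORTS_PER_STATE = 2     # the post's assumption

# The post's WAN addresses: the X1 IP plus the three published ARP entries.
X1_ARP_POOL = ["128.128.128.133", "128.128.128.130",
               "128.128.128.131", "128.128.128.132"]


def states_per_address(reserved=RESERVED_PORTS, per_state=PORTS_PER_STATE):
    """Dynamic states one public address can carry under these assumptions."""
    return (PORT_RANGE - reserved) // per_state


class NatPool:
    """Hands out (public_ip, port) slots to outbound flows, filling one
    address before moving to the next, and counts refused allocations."""

    def __init__(self, addresses, reserved=RESERVED_PORTS,
                 per_state=PORTS_PER_STATE):
        self.addresses = list(addresses)
        # Free slots per address; each slot is the first of per_state ports.
        self.free = {a: list(range(reserved, PORT_RANGE, per_state))
                     for a in self.addresses}
        self.table = {}     # flow id -> (public_ip, public_port)
        self.failed = 0     # refused allocations: the exhaustion events

    def capacity(self):
        return len(self.addresses) * len(range(RESERVED_PORTS, PORT_RANGE,
                                               PORTS_PER_STATE))

    def allocate(self, flow_id):
        if flow_id in self.table:               # existing state, reuse it
            return self.table[flow_id]
        for addr in self.addresses:
            if self.free[addr]:
                slot = (addr, self.free[addr].pop())
                self.table[flow_id] = slot
                return slot
        self.failed += 1                         # table full: the post's symptom
        return None

    def release(self, flow_id):
        addr, port = self.table.pop(flow_id)
        self.free[addr].append(port)


def simulate(addresses, concurrent_flows):
    """Open concurrent_flows states at once; return (capacity, refused)."""
    pool = NatPool(addresses)
    for flow_id in range(concurrent_flows):      # constructed flow ids
        pool.allocate(flow_id)
    return pool.capacity(), pool.failed
```

Running `simulate(["128.128.128.133"], 40000)` against `simulate(X1_ARP_POOL, 40000)` contrasts the single-address table with the pooled one.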
