1 to 1 NAT setup. Should be easy but just isn't working for me.

fredstov used Ask the Experts™
I've got a watchguard Edge x20. I've got a relatively simple set up but it just doesn't seem to want to work. Maybe I'm missing something. I'm just trying to filter some traffic for some webservers and allow rdp into one of them.

I'm using 1 to 1 nat. Here is my set up:
a)  209.x.x.154 ->
b)  209.x.x.156 ->

on a, I need to allow port 80 and 443 as well as pop and smtp.
on b, I need the same thing but also add rdp 3389

The nat is set up fine and allow secondary ips is checked. The port filtering policies were set up using the wizard (and also tried with manual setup).

No matter what I do, it is blocking ALL traffic coming in. I can browse the web on the inside via my laptop and dhcp and the servers can browse the web also. The web just can't see them.

Any thoughts? Something I'm missing perhaps?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
After you create the 1 to 1 nat. You probably need to create a specific firewall rule to allow traffic to go from the external ip to the internal IP. I believe sonicwall blocks all traffic by default.

You can also do a allow any to that local ip, but that's not recommended because it opens up that local pc to the net.

Hope this helps

Hi I am pretty good with Watchguard so hopefully I can explain this too you in a simple way.
There is 2 types of NAT you can use in this situation.

1. Would be a Static NAT saying this Policy lets say SMTP port 25 TCP
  External is and internal is
  In the policy for SMTP it would look like this.
 From Any External
Use the attached photo for reference.

2. A 1 to 1 NAT is more complex but heres how you do it.
Do not have the Public IP's you are using in the alernate public ip field for the external interface that is only for Dynamic and Static Nat.

In the 1to1 NAT field put the public IP address and the Private IPadress and hosts to NAT 1
for example.

Public and realbase (Private) Hosts to NAT 1

Then Create a Policay and say in the policy for example if it is SMTP Proxy say ANY to the public interface. Hope this helps point you in the right direction.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial