Solved

X500 1 to 1 NAT cannot access internet.

Posted on 2010-09-14
4
529 Views
Last Modified: 2013-11-16
We have 4 static IPs and a watchguard X 500.
 
I setup 1 to 1 Nat , also added the dynamic Nat exclusion.  I also made sure I did not have the public IP as an alias on the box.  However when the box that is setup to be the one to one internal IP, it cant get to the internet, when I remove the 1to1 it gets right out.  

Can anyone help me ?
 
0
Comment
Question by:TechGuy_007
  • 2
4 Comments
 

Author Comment

by:TechGuy_007
Comment Utility
Anyone?
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
Which version of WG software are you running. Also, have you configured any specific outbound policy/rule or are you using default outgoing service.

Finally when you removed the IP from alias, did you reboot the firewall.

Please provide details.

Thank you.
0
 
LVL 4

Accepted Solution

by:
LBACIS earned 500 total points
Comment Utility
Without an external IP address on the 1 to 1 NAT it cannot go through the external interface. You are going to have to use the 1 to 1 nat and also check the default NAT on the policy in order for it to work.
0
 
LVL 4

Expert Comment

by:LBACIS
Comment Utility
Just a quick follow up as well, if you want to make the 1 to 1 NAT rule follow ALL of the way through rather than just for whatever inbound rule you are using to that endpoint you can add another DNS and HTTP rule with the 1 to 1 NAT. Remember when you put 1 to 1 NAT in a rule and not in the global settings of the policy it will only apply to the one rule...
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now