Sonicwall:  How to to Enable Constient/Persistant NAT

Posted on 2012-03-14
Medium Priority
Last Modified: 2012-03-19
I have a Sonicwall TZ210
How do I to Enable Constient/Persistant NAT?
Question by:ie0
  • 2

Expert Comment

ID: 37722095
Sonicwall has some pretty good documentation that explains and walks you through the process I have linked the PDF.

i could type out the step by step on creating and NAT for your appliance but thats a lot of typing and guide does a great job of explaining building the NAT and then creating your Firewall rules.

Author Comment

ID: 37722121
I know how to create Nat Policies very well, but I am being told I need to enable Constient/Persistant NAT.  I thought this was just a checkbox somewhere?
Am I mistaken?

Accepted Solution

schmitty007 earned 2000 total points
ID: 37722152
There is a setting under the VOIP Settings that allows you to check the Enable consistent NAT check box but, that is the only place I know of for that option.

With out knowing the reasoning behind the request sorry I not more help, also didn't mean to step on your knowledge was not intended.

I nicked this from sonicwalls support page, hopefully it helps.

What is ‘Consistent NAT’?
The control for this feature, which is located on the ‘Firewall > VoIP’ page, should be left unchecked by default. The
‘Consistent NAT’ option modifies the SonicWALL's standard NAT behavior when handling outbound UDP traffic in
order to provide higher levels of compatibility with a small handful of certain peer-to-peer applications such as some
online games and Apple's ‘iChat’ application. Consistent NAT uses an MD5 hashing method to consistently assign
the same remapped (i.e. Network Address Translated) public IP address and public UDP port pair to each internal
private IP address and private UDP port pair. For example:
Private (LAN) IP: --> Consistent Remapped Public (WAN) IP Address:
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 40004
Private (LAN) IP: --> Consistent Remapped Public (WAN) IP Address:
Private (LAN) UDP Port: 50655    --> Consistent Remapped Public (WAN) UDP Port: 40745
Private (LAN) IP: --> Consistent Remapped Public (WAN) IP Address:
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 54621
Private (LAN) IP: --> Consistent Remapped Public (WAN) IP Address:
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 49724
With Consistent NAT, all subsequent requests from either host or using the same
Private UDP ports as illustrated above would result in  the use of the same, predictable remapped Private UDP
ports. Without Consistent NAT, the remapped port would change with every subsequent request, providing no
consistency, and no predictability. Most UDP based applications are perfectly compatible with the latter, and do not
require Consistent NAT.
There is a slight decrease to overall security as a result of the increased predictability of the traffic resulting
from the consistent port remapping of Consistent NAT. The potential for exploitation is minimal; nonetheless, unless
Consistent NAT is strictly required to support a certain application, it is recommended that it be left at its default
setting of "disabled."

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question