Sonicwall: How to to Enable Constient/Persistant NAT

I have a Sonicwall TZ210
How do I to Enable Constient/Persistant NAT?
Thanks
ie0Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

schmitty007Commented:
Sonicwall has some pretty good documentation that explains and walks you through the process I have linked the PDF.

i could type out the step by step on creating and NAT for your appliance but thats a lot of typing and guide does a great job of explaining building the NAT and then creating your Firewall rules.
ie0Author Commented:
Sch,
I know how to create Nat Policies very well, but I am being told I need to enable Constient/Persistant NAT.  I thought this was just a checkbox somewhere?
Am I mistaken?
schmitty007Commented:
There is a setting under the VOIP Settings that allows you to check the Enable consistent NAT check box but, that is the only place I know of for that option.

With out knowing the reasoning behind the request sorry I not more help, also didn't mean to step on your knowledge was not intended.

I nicked this from sonicwalls support page, hopefully it helps.

What is ‘Consistent NAT’?
The control for this feature, which is located on the ‘Firewall > VoIP’ page, should be left unchecked by default. The
‘Consistent NAT’ option modifies the SonicWALL's standard NAT behavior when handling outbound UDP traffic in
order to provide higher levels of compatibility with a small handful of certain peer-to-peer applications such as some
online games and Apple's ‘iChat’ application. Consistent NAT uses an MD5 hashing method to consistently assign
the same remapped (i.e. Network Address Translated) public IP address and public UDP port pair to each internal
private IP address and private UDP port pair. For example:
 
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 40004
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50655    --> Consistent Remapped Public (WAN) UDP Port: 40745
Private (LAN) IP: 192.168.168.20 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 54621
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 49724
With Consistent NAT, all subsequent requests from either host 192.168.168.10 or 192.168.168.20 using the same
Private UDP ports as illustrated above would result in  the use of the same, predictable remapped Private UDP
ports. Without Consistent NAT, the remapped port would change with every subsequent request, providing no
consistency, and no predictability. Most UDP based applications are perfectly compatible with the latter, and do not
require Consistent NAT.
 
There is a slight decrease to overall security as a result of the increased predictability of the traffic resulting
from the consistent port remapping of Consistent NAT. The potential for exploitation is minimal; nonetheless, unless
Consistent NAT is strictly required to support a certain application, it is recommended that it be left at its default
setting of "disabled."

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.