Solved

Sonicwall:  How to to Enable Constient/Persistant NAT

Posted on 2012-03-14
3
1,522 Views
Last Modified: 2012-03-19
I have a Sonicwall TZ210
How do I to Enable Constient/Persistant NAT?
Thanks
0
Comment
Question by:ie0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Expert Comment

by:schmitty007
ID: 37722095
Sonicwall has some pretty good documentation that explains and walks you through the process I have linked the PDF.

i could type out the step by step on creating and NAT for your appliance but thats a lot of typing and guide does a great job of explaining building the NAT and then creating your Firewall rules.
0
 

Author Comment

by:ie0
ID: 37722121
Sch,
I know how to create Nat Policies very well, but I am being told I need to enable Constient/Persistant NAT.  I thought this was just a checkbox somewhere?
Am I mistaken?
0
 
LVL 4

Accepted Solution

by:
schmitty007 earned 500 total points
ID: 37722152
There is a setting under the VOIP Settings that allows you to check the Enable consistent NAT check box but, that is the only place I know of for that option.

With out knowing the reasoning behind the request sorry I not more help, also didn't mean to step on your knowledge was not intended.

I nicked this from sonicwalls support page, hopefully it helps.

What is ‘Consistent NAT’?
The control for this feature, which is located on the ‘Firewall > VoIP’ page, should be left unchecked by default. The
‘Consistent NAT’ option modifies the SonicWALL's standard NAT behavior when handling outbound UDP traffic in
order to provide higher levels of compatibility with a small handful of certain peer-to-peer applications such as some
online games and Apple's ‘iChat’ application. Consistent NAT uses an MD5 hashing method to consistently assign
the same remapped (i.e. Network Address Translated) public IP address and public UDP port pair to each internal
private IP address and private UDP port pair. For example:
 
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 40004
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50655    --> Consistent Remapped Public (WAN) UDP Port: 40745
Private (LAN) IP: 192.168.168.20 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 54621
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 49724
With Consistent NAT, all subsequent requests from either host 192.168.168.10 or 192.168.168.20 using the same
Private UDP ports as illustrated above would result in  the use of the same, predictable remapped Private UDP
ports. Without Consistent NAT, the remapped port would change with every subsequent request, providing no
consistency, and no predictability. Most UDP based applications are perfectly compatible with the latter, and do not
require Consistent NAT.
 
There is a slight decrease to overall security as a result of the increased predictability of the traffic resulting
from the consistent port remapping of Consistent NAT. The potential for exploitation is minimal; nonetheless, unless
Consistent NAT is strictly required to support a certain application, it is recommended that it be left at its default
setting of "disabled."
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Use of vpn-filter value  in S2S VPN 2 57
Sonicwall SHA issue 4 49
Bandwidth cap???? 8 63
Palo Alto Networks Security Rule Additions via CLI - multiple objects 3 36
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question