Solved

Sonicwall:  How to to Enable Constient/Persistant NAT

Posted on 2012-03-14
3
1,416 Views
Last Modified: 2012-03-19
I have a Sonicwall TZ210
How do I to Enable Constient/Persistant NAT?
Thanks
0
Comment
Question by:ie0
  • 2
3 Comments
 
LVL 4

Expert Comment

by:schmitty007
ID: 37722095
Sonicwall has some pretty good documentation that explains and walks you through the process I have linked the PDF.

i could type out the step by step on creating and NAT for your appliance but thats a lot of typing and guide does a great job of explaining building the NAT and then creating your Firewall rules.
0
 

Author Comment

by:ie0
ID: 37722121
Sch,
I know how to create Nat Policies very well, but I am being told I need to enable Constient/Persistant NAT.  I thought this was just a checkbox somewhere?
Am I mistaken?
0
 
LVL 4

Accepted Solution

by:
schmitty007 earned 500 total points
ID: 37722152
There is a setting under the VOIP Settings that allows you to check the Enable consistent NAT check box but, that is the only place I know of for that option.

With out knowing the reasoning behind the request sorry I not more help, also didn't mean to step on your knowledge was not intended.

I nicked this from sonicwalls support page, hopefully it helps.

What is ‘Consistent NAT’?
The control for this feature, which is located on the ‘Firewall > VoIP’ page, should be left unchecked by default. The
‘Consistent NAT’ option modifies the SonicWALL's standard NAT behavior when handling outbound UDP traffic in
order to provide higher levels of compatibility with a small handful of certain peer-to-peer applications such as some
online games and Apple's ‘iChat’ application. Consistent NAT uses an MD5 hashing method to consistently assign
the same remapped (i.e. Network Address Translated) public IP address and public UDP port pair to each internal
private IP address and private UDP port pair. For example:
 
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 40004
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50655    --> Consistent Remapped Public (WAN) UDP Port: 40745
Private (LAN) IP: 192.168.168.20 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 54621
Private (LAN) IP: 192.168.168.10 --> Consistent Remapped Public (WAN) IP Address: 64.41.140.167
Private (LAN) UDP Port: 50650    --> Consistent Remapped Public (WAN) UDP Port: 49724
With Consistent NAT, all subsequent requests from either host 192.168.168.10 or 192.168.168.20 using the same
Private UDP ports as illustrated above would result in  the use of the same, predictable remapped Private UDP
ports. Without Consistent NAT, the remapped port would change with every subsequent request, providing no
consistency, and no predictability. Most UDP based applications are perfectly compatible with the latter, and do not
require Consistent NAT.
 
There is a slight decrease to overall security as a result of the increased predictability of the traffic resulting
from the consistent port remapping of Consistent NAT. The potential for exploitation is minimal; nonetheless, unless
Consistent NAT is strictly required to support a certain application, it is recommended that it be left at its default
setting of "disabled."
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question