Solved

SonicWall OS: Do I need "reflexive policy"?

Posted on 2012-09-08
Last Modified: 2012-09-10
On a SonicWall NSA220, I want all LAN users to have access to the internet.

I also want to publish several websites using 1-2-1 nat.

When I create a nat policy for a website, I can check the "reflexive" box, but do I need to?

If I don't check that box, and a web developer is remote desktop'd into the web server from the inside LAN, he or she can still do a google search (for example) from that web server and that access will go through the "all LAN users access to the internet" rule, correct?

I don't need the reflexive policy to give internet surfing capability to a web developer working directly on the web server, do I?

Thanks.
Question by:gateguard

Expert Comment

by:Syed_M_Usman
ID: 38380706
Dear,

1) "I want all LAN users to have access to the internet": make sure you have an Allow rule from LAN to WAN.

2) "I also want to publish several websites using 1-2-1 nat": easy... you can use the Wizard for the same, or refer to the attached.

3) "I can check the "reflexive" box, but do I need to": for the reflexive policy, please look at https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4061&formaction=catalert

under section "Creating a One-to-One NAT Policy for Inbound Traffic (Reflective)"
SonicOS-Enhanced--Three-Types-of.pdf

Author Comment

by:gateguard
ID: 38381592
It seems like the answer to my question is "no, you don't need to create a reflexive policy when creating an inbound nat policy because outbound the servers can all use the site many-to-one nat policy"?

Is that correct?

Is the reflexive only used when you want the server's OUTGOING traffic to initiate on the specific public address, instead of the general site many-to-one nat address?

Do I understand that correctly?

Accepted Solution

by:
Syed_M_Usman earned 2000 total points
ID: 38381921
Dear,

"It seems like the answer to my question is "no, you don't need to create a reflexive policy when creating an inbound nat policy because outbound the servers can all use the site many-to-one nat policy"?" This seems to be true, but I will study and make some scenarios for a detailed answer.

Author Closing Comment

by:gateguard
ID: 38384377
Thanks, Syed, and I appreciate all your hard work on all these questions.

This is not critical.  What I decided to do was leave the box checked but disable the reflexive rule.

I think we can both add notes to this question later, even though it's closed.

I will be doing some experimentation myself and if I can, I'll post results here.

Expert Comment

by:Syed_M_Usman
ID: 38385552
Thank you :)
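
As an added illustration (not part of the thread and not SonicWall code), this simplified Python model shows which public source address the web server's outbound traffic gets with no reflexive policy, with the reflexive policy enabled, and with it present but disabled as the asker chose. The addresses are constructed, and the longest-prefix selection rule is an assumption standing in for the firewall's NAT policy ordering.

```python
"""Simplified model of outbound source-NAT selection (constructed example)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class NatPolicy:
    name: str
    original_source: str    # CIDR matched against the packet's private source
    translated_source: str  # public address the source is rewritten to
    enabled: bool = True


# Constructed addresses: RFC 1918 for the LAN, RFC 5737 for the public side.
WAN_PRIMARY = "203.0.113.1"
WEB_PRIVATE = "192.168.1.10"
WEB_PUBLIC = "203.0.113.10"

MANY_TO_ONE = NatPolicy("LAN many-to-one", "192.168.1.0/24", WAN_PRIMARY)
REFLEXIVE = NatPolicy("web server reflexive", WEB_PRIVATE + "/32", WEB_PUBLIC)


def outbound_source(src, policies):
    """Return (public source address, policy name) for an outbound connection.

    Assumption: among enabled policies whose original source contains src,
    the most specific one (longest prefix) is applied.
    """
    matches = [p for p in policies
               if p.enabled and ip_address(src) in ip_network(p.original_source)]
    if not matches:
        return None, None  # no NAT policy applies to this source
    best = max(matches, key=lambda p: ip_network(p.original_source).prefixlen)
    return best.translated_source, best.name


def compare(src=WEB_PRIVATE):
    """Public source address of the web server under three configurations."""
    disabled = replace(REFLEXIVE, enabled=False)
    return {
        "no reflexive policy": outbound_source(src, [MANY_TO_ONE])[0],
        "reflexive enabled": outbound_source(src, [MANY_TO_ONE, REFLEXIVE])[0],
        "reflexive disabled": outbound_source(src, [MANY_TO_ONE, disabled])[0],
    }


if __name__ == "__main__":
    for config, public_ip in compare().items():
        print(f"{config:20} -> {public_ip}")
```

In all three cases the server reaches the internet; only the public source address differs, which matters for egress allow-lists and for attributing the server's outbound connections in logs.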