Sonicwall Change Outbound NAT for Server

Hey guys,

I have a Sonicwall NSA2400. Now one server, i opened a few ports to it and its working fine from the Outside. But when this server goes to the Internet, its going out with the Firewall's outside IP, i need to change this to a different IP. How would i do that on this firewall?
LVL 4
Cobra25Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bNetworkedSolutionistaCommented:
What IP do you need to change it to and why?  Normal operation for a firewall is to use NAT (network address translation) to make everything look like it's coming from the internet side IP to protect all the computers behind it from being open and vulnerable to attack.  Depending on what you want to do, it may be possible to do with the Sonicwall using virtual interfaces or DMZ.  I think that we need more information in order to address this.
0
Aaron TomoskySD-WAN SimplifiedCommented:
Yes you can do this. First make an address object for the ip you want it to be, Then make a nat rule for that server where translated from is that address object
0
Aaron TomoskySD-WAN SimplifiedCommented:
Alternatively I suggest you use the public server wizard instead of doing this manually. Then edit the service group to have the services you want.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Cobra25Author Commented:
So its for my mail server.
Internal ip -- 192.168.60.10
Outside Ip: x.x.x.55
Firewall outside ip: x.x.x.60

So from the outside to in using the 55 address it works fine. When the mail server goes out to the internet/sends email, it goes out as the .60 which is causing mail to get blocked because the rdns/forward dns do not match.
0
Cobra25Author Commented:
Any thoughts guys?
0
Aaron TomoskySD-WAN SimplifiedCommented:
Is .60 the default for all traffic?

I've already said how to do this, Just make a nat rule from the exchange host to the Internet (X1 probably) translated source .55.
http://help.mysonicwall.com/sw/eng/305/ui2/23100/Network/Add_NAT_Policy.htm
0
Cobra25Author Commented:
Aaron - thanks for the response.

Yes , .60 is the default.

Do i make a new rule or can i modify the existing NAT rule?

Right now my NAT Policy for this server is:
Original Source: Mail Server Private
Translated Source: Mail Server Public
Original Destination: Any
Translated Destination: Original
Original Service: Mail Server Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X1
0
Aaron TomoskySD-WAN SimplifiedCommented:
What ip is "mail server public"?
0
Cobra25Author Commented:
Mail Server Public is Outside Ip: x.x.x.55
0
Aaron TomoskySD-WAN SimplifiedCommented:
Change original service to any and see if that fixes it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cobra25Author Commented:
I changed Outbound Interface to Any and that got it. Thanks Aaron!
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Cobra25's comment #a40428926

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Aaron TomoskySD-WAN SimplifiedCommented:
I can't see comment numbers from the mobile site but this comment of mine was the final solution:
Change original service to any and see if that fixes it.
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
The last Author Comment tells different. The Outbound interface needed to get changed. No mentioning of the service being an issue.

Qlemo
Cleanup Volunteer
0
Cobra25Author Commented:
Please award Aaron points, he got me to the solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.