Solved

Sonicwall Change Outbound NAT for Server

Posted on 2014-11-01
16
155 Views
Last Modified: 2014-12-25
Hey guys,

I have a Sonicwall NSA2400. Now one server, i opened a few ports to it and its working fine from the Outside. But when this server goes to the Internet, its going out with the Firewall's outside IP, i need to change this to a different IP. How would i do that on this firewall?
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 2
  • +1
16 Comments
 

Expert Comment

by:bNetworked
ID: 40418032
What IP do you need to change it to and why?  Normal operation for a firewall is to use NAT (network address translation) to make everything look like it's coming from the internet side IP to protect all the computers behind it from being open and vulnerable to attack.  Depending on what you want to do, it may be possible to do with the Sonicwall using virtual interfaces or DMZ.  I think that we need more information in order to address this.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40418194
Yes you can do this. First make an address object for the ip you want it to be, Then make a nat rule for that server where translated from is that address object
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40418199
Alternatively I suggest you use the public server wizard instead of doing this manually. Then edit the service group to have the services you want.
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 4

Author Comment

by:Cobra25
ID: 40422120
So its for my mail server.
Internal ip -- 192.168.60.10
Outside Ip: x.x.x.55
Firewall outside ip: x.x.x.60

So from the outside to in using the 55 address it works fine. When the mail server goes out to the internet/sends email, it goes out as the .60 which is causing mail to get blocked because the rdns/forward dns do not match.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40428816
Any thoughts guys?
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40428837
Is .60 the default for all traffic?

I've already said how to do this, Just make a nat rule from the exchange host to the Internet (X1 probably) translated source .55.
http://help.mysonicwall.com/sw/eng/305/ui2/23100/Network/Add_NAT_Policy.htm
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40428880
Aaron - thanks for the response.

Yes , .60 is the default.

Do i make a new rule or can i modify the existing NAT rule?

Right now my NAT Policy for this server is:
Original Source: Mail Server Private
Translated Source: Mail Server Public
Original Destination: Any
Translated Destination: Original
Original Service: Mail Server Services
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X1
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40428892
What ip is "mail server public"?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40428907
Mail Server Public is Outside Ip: x.x.x.55
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40428920
Change original service to any and see if that fixes it.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40428926
I changed Outbound Interface to Any and that got it. Thanks Aaron!
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40511868
I've requested that this question be closed as follows:

Accepted answer: 0 points for Cobra25's comment #a40428926

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40511869
I can't see comment numbers from the mobile site but this comment of mine was the final solution:
Change original service to any and see if that fixes it.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40511935
The last Author Comment tells different. The Outbound interface needed to get changed. No mentioning of the service being an issue.

Qlemo
Cleanup Volunteer
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40512405
Please award Aaron points, he got me to the solution.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 185
Windows Server Firewall Configuration 2 74
Varsity Logistics Speedwigh and AS/400 issues 18 67
Issue with seeing default gateway on ASA 5506 firewall 4 60
Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question