SonicWALL Loopback NAT Policy

Hi, I have started to configure my new NSA 2600 and I have a question about the Loopback NAT Policy and firewalled subnets.

I have setup the following NAT Policy but the firewalled subnets group doesn't appear to list any of my subnets only my two LAN interfaces.

When I try and access the servers web interface from with the building, it fails to load.

Original Source: Firewalled Subnets
Translated Source: Public Address of Server
Original Destination: Public Address of Server
Translated Destination: Local Address of Server
Original Service: HTTPS
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any

If I create my own address group listing my Internal Subnets as the Original Source, the policy works as expected and I can access the servers web interface from within the building.

Is there any reason why my LAN subnets are not listed in the Firewall Subnets group?

I have Route Polices configured for each of my LAN subnets and they can all access the internet.
Tech ManAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi, I'd recommend using the Wizard in the top right corner. It creates all the necessary service, address objects, acres rules and NAT Policies automatically. Select whichever type of server you prefer in the Wizard.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tech ManAuthor Commented:
Hi, I have used the Wizard, but the loopback still fails.

What I did to make it work was create my own address objects equivalent of Firewalled Subnets adding in the subnets behind the firewall.

I then used this address group as the Original Source in the NAT loopback rule.
Blue Street TechLast KnightCommented:
I'd take a deep look into your configuration although you got it to work by creating another Object that is supposed to do what Firewalled Subnets does by default, something sounds way off. Firewalled Subnets includes everything Firewalled, hence their name...LAN, LAN2, WLAN, etc. If that isn't functioning correctly I wonder what else isn't?

Anyway, I'd update the SonicOS to the latest General Release and see if it "fixes" the issue (opposed to a workaround). If that doesn't resolve it and you can't figure out why it is functioning that way...I'd personally manually record the settings and wipe it to factory defaults and start building it from scratch. Note, in this case taking a settings backup and then applying it to the newly factory reset would not be advised since the settings are the issue.

Let me know how it goes!
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

Tech ManAuthor Commented:
It seems to me like the sonicwall is not correctly detecting the subnets behind the firewall.

My network is configured with VLANS for each LAN network segment.

E.g Firewalls on VLAN100, Servers on VLAN10

The firewall is with servers on the 10.1.10.x range.

I have created address groups for each of my LAN side subnets and created route policies for each of them.
Each subnet can access the internet with out issue.

The firewall is running SonicOS Enhanced

I have a core switch which has all the VLANS configured on it.
I then have a default route on the core switch the points to the firewall.

Do I need to create sub interfaces on the X0 with all my VLANS?
Blue Street TechLast KnightCommented:
Each VLAN should have been setup in the Interfaces and Zones pages either as Sub-Interfaces if you want them to share the same Zone or as separate Interfaces.

The Route Policies are simply setup by don't need to adjust those.
Tech ManAuthor Commented:
I posted this question on the Dell Sonicwall forum and they reply with:

Create address groups for each of your LAN side subnets and created route policies for each of them.

So its looks like I answered my own question.
Blue Street TechLast KnightCommented:
You can accomplish it multiple ways...wizards are undoubtedly the best way to do this. But if you want to setup route's up to you....I was just providing you with the best practice version of how to do it.

Tech ManAuthor Commented:
No problem, thanks for your input.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.