SonicWALL Loopback NAT Policy

Posted on 2014-11-25
Last Modified: 2015-08-25
Hi, I have started to configure my new NSA 2600 and I have a question about the Loopback NAT Policy and firewalled subnets.

I have setup the following NAT Policy but the firewalled subnets group doesn't appear to list any of my subnets only my two LAN interfaces.

When I try and access the servers web interface from with the building, it fails to load.

Original Source: Firewalled Subnets
Translated Source: Public Address of Server
Original Destination: Public Address of Server
Translated Destination: Local Address of Server
Original Service: HTTPS
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any

If I create my own address group listing my Internal Subnets as the Original Source, the policy works as expected and I can access the servers web interface from within the building.

Is there any reason why my LAN subnets are not listed in the Firewall Subnets group?

I have Route Polices configured for each of my LAN subnets and they can all access the internet.
Question by:Tech Man
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
LVL 25

Accepted Solution

Diverse IT earned 500 total points
ID: 40464076
Hi, I'd recommend using the Wizard in the top right corner. It creates all the necessary service, address objects, acres rules and NAT Policies automatically. Select whichever type of server you prefer in the Wizard.

Author Comment

by:Tech Man
ID: 40469702
Hi, I have used the Wizard, but the loopback still fails.

What I did to make it work was create my own address objects equivalent of Firewalled Subnets adding in the subnets behind the firewall.

I then used this address group as the Original Source in the NAT loopback rule.
LVL 25

Expert Comment

by:Diverse IT
ID: 40476115
I'd take a deep look into your configuration although you got it to work by creating another Object that is supposed to do what Firewalled Subnets does by default, something sounds way off. Firewalled Subnets includes everything Firewalled, hence their name...LAN, LAN2, WLAN, etc. If that isn't functioning correctly I wonder what else isn't?

Anyway, I'd update the SonicOS to the latest General Release and see if it "fixes" the issue (opposed to a workaround). If that doesn't resolve it and you can't figure out why it is functioning that way...I'd personally manually record the settings and wipe it to factory defaults and start building it from scratch. Note, in this case taking a settings backup and then applying it to the newly factory reset would not be advised since the settings are the issue.

Let me know how it goes!
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Author Comment

by:Tech Man
ID: 40480352
It seems to me like the sonicwall is not correctly detecting the subnets behind the firewall.

My network is configured with VLANS for each LAN network segment.

E.g Firewalls on VLAN100, Servers on VLAN10

The firewall is with servers on the 10.1.10.x range.

I have created address groups for each of my LAN side subnets and created route policies for each of them.
Each subnet can access the internet with out issue.

The firewall is running SonicOS Enhanced

I have a core switch which has all the VLANS configured on it.
I then have a default route on the core switch the points to the firewall.

Do I need to create sub interfaces on the X0 with all my VLANS?
LVL 25

Expert Comment

by:Diverse IT
ID: 40480616
Each VLAN should have been setup in the Interfaces and Zones pages either as Sub-Interfaces if you want them to share the same Zone or as separate Interfaces.

The Route Policies are simply setup by don't need to adjust those.

Author Comment

by:Tech Man
ID: 40538998
I posted this question on the Dell Sonicwall forum and they reply with:

Create address groups for each of your LAN side subnets and created route policies for each of them.

So its looks like I answered my own question.
LVL 25

Expert Comment

by:Diverse IT
ID: 40539054
You can accomplish it multiple ways...wizards are undoubtedly the best way to do this. But if you want to setup route's up to you....I was just providing you with the best practice version of how to do it.


Author Comment

by:Tech Man
ID: 40539072
No problem, thanks for your input.

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HP Storage and Cisco Nexus 4 74
Samples DNS record setting. 5 59
LInux Mint to VPN with Sonic Firewalls 2 14
Network Share Issues 17 32
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question