Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


SonicWALL Loopback NAT Policy

Posted on 2014-11-25
Medium Priority
Last Modified: 2015-08-25
Hi, I have started to configure my new NSA 2600 and I have a question about the Loopback NAT Policy and firewalled subnets.

I have setup the following NAT Policy but the firewalled subnets group doesn't appear to list any of my subnets only my two LAN interfaces.

When I try and access the servers web interface from with the building, it fails to load.

Original Source: Firewalled Subnets
Translated Source: Public Address of Server
Original Destination: Public Address of Server
Translated Destination: Local Address of Server
Original Service: HTTPS
Translated Service: Original
Inbound Interface: Any
Outbound Interface: Any

If I create my own address group listing my Internal Subnets as the Original Source, the policy works as expected and I can access the servers web interface from within the building.

Is there any reason why my LAN subnets are not listed in the Firewall Subnets group?

I have Route Polices configured for each of my LAN subnets and they can all access the internet.
Question by:Tech Man
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
LVL 26

Accepted Solution

Blue Street Tech earned 2000 total points
ID: 40464076
Hi, I'd recommend using the Wizard in the top right corner. It creates all the necessary service, address objects, acres rules and NAT Policies automatically. Select whichever type of server you prefer in the Wizard.

Author Comment

by:Tech Man
ID: 40469702
Hi, I have used the Wizard, but the loopback still fails.

What I did to make it work was create my own address objects equivalent of Firewalled Subnets adding in the subnets behind the firewall.

I then used this address group as the Original Source in the NAT loopback rule.
LVL 26

Expert Comment

by:Blue Street Tech
ID: 40476115
I'd take a deep look into your configuration although you got it to work by creating another Object that is supposed to do what Firewalled Subnets does by default, something sounds way off. Firewalled Subnets includes everything Firewalled, hence their name...LAN, LAN2, WLAN, etc. If that isn't functioning correctly I wonder what else isn't?

Anyway, I'd update the SonicOS to the latest General Release and see if it "fixes" the issue (opposed to a workaround). If that doesn't resolve it and you can't figure out why it is functioning that way...I'd personally manually record the settings and wipe it to factory defaults and start building it from scratch. Note, in this case taking a settings backup and then applying it to the newly factory reset would not be advised since the settings are the issue.

Let me know how it goes!
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.


Author Comment

by:Tech Man
ID: 40480352
It seems to me like the sonicwall is not correctly detecting the subnets behind the firewall.

My network is configured with VLANS for each LAN network segment.

E.g Firewalls on VLAN100, Servers on VLAN10

The firewall is with servers on the 10.1.10.x range.

I have created address groups for each of my LAN side subnets and created route policies for each of them.
Each subnet can access the internet with out issue.

The firewall is running SonicOS Enhanced

I have a core switch which has all the VLANS configured on it.
I then have a default route on the core switch the points to the firewall.

Do I need to create sub interfaces on the X0 with all my VLANS?
LVL 26

Expert Comment

by:Blue Street Tech
ID: 40480616
Each VLAN should have been setup in the Interfaces and Zones pages either as Sub-Interfaces if you want them to share the same Zone or as separate Interfaces.

The Route Policies are simply setup by don't need to adjust those.

Author Comment

by:Tech Man
ID: 40538998
I posted this question on the Dell Sonicwall forum and they reply with:

Create address groups for each of your LAN side subnets and created route policies for each of them.

So its looks like I answered my own question.
LVL 26

Expert Comment

by:Blue Street Tech
ID: 40539054
You can accomplish it multiple ways...wizards are undoubtedly the best way to do this. But if you want to setup route's up to you....I was just providing you with the best practice version of how to do it.


Author Comment

by:Tech Man
ID: 40539072
No problem, thanks for your input.

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question