Chris Walter
asked on
How do I turn off NAT on a route Sonicwall TZ600
I recently tried to upgrade from TZ215W to TZ600. All functions except one worked after the upgrade. The client has a VoIP phone system and we have 3 routes defined to the phone system router.
Traffic for 172.???.???.170, 172.???.???.171 and 10.???.???.0 is routed to 192.???.???.74. I have compared setting from the old router and new and don’t see a difference. The phone vendor says the routed traffic is being Natted. How do I turn this off on the TZ600? I didn’t have to do anything special on the TZ215.
The goal is to have all phone related traffic go out a different internet connection. see attached for network diag.
Traffic for 172.???.???.170, 172.???.???.171 and 10.???.???.0 is routed to 192.???.???.74. I have compared setting from the old router and new and don’t see a difference. The phone vendor says the routed traffic is being Natted. How do I turn this off on the TZ600? I didn’t have to do anything special on the TZ215.
The goal is to have all phone related traffic go out a different internet connection. see attached for network diag.
there a re a few options
-on the LAN / DMZ interface (e.g. X0) on the advanced TAB there's an advanced Routed Mode, this will create so called No-NAT policies
-DISABLE (do NOT delete) the existing outbound NAT policies, e.g. X0 to X1 interface with translated Source X1 IP
-or as Tome Cieslik said, create your own custom No-NAT policies.
-on the LAN / DMZ interface (e.g. X0) on the advanced TAB there's an advanced Routed Mode, this will create so called No-NAT policies
-DISABLE (do NOT delete) the existing outbound NAT policies, e.g. X0 to X1 interface with translated Source X1 IP
-or as Tome Cieslik said, create your own custom No-NAT policies.
ASKER
We have a NAT policy Source = Phone resources destination = Lan subnet everything else any or original. To be clear the IP we are routing to is on our Lan subnet. As for the advanced tab on the XO interface "use Routed Mode" is unchecked. Same as the original router that is working are you suggesting turning it on?
Many -to-one NAT will allow you create separate subnet and you going to be able open ONLY ports you want, This is most secure approach since hackers will sniff your network also no matter if this will be phone network or life
ASKER
Maybe i didn't explain very well the phone networks are different than the data we are trying to route all traffic to either phone network to 192.168.XX.74 which the phone vendors router is connected to. we already have a NAT rule that takes either of the phone networks to a specific IP 192.168.xxx.74
Phone subnets 172. and 10.
Date subnet 192.168.
Phone subnets 172. and 10.
Date subnet 192.168.
I would use VLANs for a case like this.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
This is simple to configure.
I can explain but here you can find very good step by step tutorial :)
https://www.sonicwall.com/en-us/support/knowledge-base/170505782921100