User Guide
Network Access Rules Page 83
For example, to configure the SonicWALL to allow Internet traffic to your web server with
an IP address of 208.5.5.5 (Standard mode), create the following rule:
1. Verify that HTTP has been added as a Service as outlined previously.
2. Click the Rules tab, and click Add New Rule....
3. Select Allow, then Web (HTTP) from the Service menu.
4. Select WAN from the Ethernet Source menu, and leave the Addr Range Begin and
Addr Range End as they appear.
5. Select LAN from the Ethernet Destination menu, and type in the IP address of the
web server, 208.5.5.5 in the Addr Range Begin field. No IP address is added in the
Addr Range End since the destination is not a range of IP addresses.
6. Select always from the Apply this rule menu.
7. Enter a value (in minutes) in the Activity Timeout in Minutes field.
8. Do not select the Allow Fragmented Packets check box.
9. Click Update to add the rule to the SonicWALL.
Note: The source part (WAN, LAN, DMZ) can be limited to certain parts of the Internet
using a range of IP addresses on the WAN, LAN or DMZ. For example, the following rule
can be used to configure the same web server to be only visible from a single C class subnet
on the Internet: Allow HTTP, Source WAN 216.77.88.1 - 216.77.88.254, Destination LAN
208.5.5.5.
Creating Public Servers using NAT mode
It is possible to run a single Internet server per protocol on the LAN, using NAT, with only
a single IP address from your ISP. You can set up and run an e-mail server, a web server,
and an FTP server on different computers and configure them to be visible from the
Internet. The following example shows how to configure public servers using NAT mode.
Let’s assume that you have a SonicWALL configured in the NAT mode, with IP addresses
on the LAN in the range 192.168.1.1 to 192.168.1.254, and a WAN IP address of 208.1.2.3.
The web server has an IP address of 192.168.1.10; the e-mail server has an IP address of
integrated_manual.book Page 83 Friday, October 12, 2001 2:56 PM