From: https://www.sonicwall.com/en-us/support/knowledge-base/170505780814635


Configuring access to a server behind the SonicWall from the LAN / DMZ using Public IP addresses

Last Updated: 5/11/201821336 Views39 Users found this article helpful

Description

This document describes how a host on a SonicWall LAN or DMZ can access a server on the SonicWall LAN or DMZ using the server's public IP address or FQDN.

This document describes how a host on a SonicWall LAN can access a server on the SonicWall LAN using the server's public IP address (typically provided by DNS). Imagine a NSA 4500 (SonicOS Enhanced) network in which the Primary LAN Subnet is 10.100.0.0 /24 and the Primary WAN IP is 3.3.2.1. Let's say you have a Web site for your customers, and its hostname is . You have already written the policies and rules needed so that outsiders can get to the web site, but it's really running on a private side server 10.100.0.2. Now imagine that you are a person using a laptop on the private side, with IP of 10.100.0.200. You want to reach the server using its public name, because you do the same thing when your laptop is with you on the road. If you sit on the private side, and request http://www.domain.com>, loopback is what makes it possible for that to work, even though the server is actually right next to you on a local IP address.

To allow this functionality you need to create a loop-back policy.

Resolution

The idea behind this policy is that you must translate your source into a public object if you wish to talk to the public IPs from the LAN.

  • Login to the SonicWall Management GUI.
  • Navigate to Network | NAT Policies submenu.
  • Click on the Add button.
  • Create the following NAT Policy.
  • Original Source: LAN Subnets (or Firewalled Subnets if you want hosts in other zones to be included)
  • Translated Source: WAN Interface IP
  • Original Destination: WAN Interface IP
  • Translated Destination: (LAN server object)
  • Original Service: Any
  • Translated Service: Original
  • Inbound Interface: Any
  • Outbound Interface: Any

Image