Can v18 do consistent NAT?

I see SonicWall can do Consistent NAT, as per the link below:

Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP.

Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.

https://www.sonicwall.com/support/knowledge-base/configuring-consistent-nat-network-address-translation/170505836533942/

Can XG v18 do this or is it on the roadmap?

  • Are you having problems with regular NAT? From reading the link, they are only using it for VoIP. Generally P2P is harder to block than to allow, so I don't understand the need. Randomized port numbers are generally considered a good thing.

    Regards

  • We currently have a problem with a VoIP solution where phones lose their provisioning and disconnect; however, we have a Datto router at this particular client at present, and the phone company said the issue is happening because it does not support consistent NAT. I am hoping to put in a Sophos firewall to see if it will resolve it, but wanted to check here whether this was something v18 supported so I would be prepared in advance.

  • I would say no. There is no mechanism to map the ports via MD5.

    But as I read the SonicWall page, I saw the following line:

      NOTE: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs. Most UDP-based applications are compatible with traditional NAT. Therefore, do not enable Consistent NAT unless your network uses applications that require it.

    That's not good at all.

    Sophos has some other VoIP approaches. We use the SIP helper to read the SIP trunk and open the ports needed by the VoIP application.

    https://community.sophos.com/kb/en-us/123523

    From some other sites:

    Consistent NAT helps the device to have the same external port opened every time it connects. In this way, if the UDP port does time out, the next time the phone makes an outbound call, that original port is re-opened, thereby allowing the next inbound call to successfully arrive.

  • FYI. MD5 should have been set to OFF on all networks a long time ago ...

    Paul Jr
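
The trade-off discussed in this thread, as an added example that is not code from SonicWall, Sophos or any poster: a simplified model of hash-derived ("consistent") port mapping next to randomized mapping, replayed across several UDP timeouts. The port pool, the hash input layout, the linear-probing collision rule and the sample phone address are assumptions; the page does not describe the vendor's actual algorithm.

```python
import hashlib
import ipaddress
import secrets

PORT_LO, PORT_HI = 1024, 65535            # assumed external port pool
SPAN = PORT_HI - PORT_LO + 1


def consistent_port(int_ip: str, int_port: int, in_use: set) -> int:
    """Model of consistent NAT: external port derived from MD5(internal IP, port)."""
    key = ipaddress.ip_address(int_ip).packed + int_port.to_bytes(2, "big")
    start = int.from_bytes(hashlib.md5(key).digest()[:4], "big") % SPAN
    # Assumed collision rule: probe upward to the next free port. The mapping
    # is therefore stable only while the preferred port is not already taken.
    for step in range(SPAN):
        port = PORT_LO + (start + step) % SPAN
        if port not in in_use:
            return port
    raise RuntimeError("external port pool exhausted")


def random_port(in_use: set) -> int:
    """Model of traditional NAT: any free port, unrelated to the internal pair."""
    while True:
        port = PORT_LO + secrets.randbelow(SPAN)
        if port not in in_use:
            return port


def rebind_after_timeout(alloc, rounds: int = 5) -> list:
    """A phone whose UDP mapping expires and is re-created `rounds` times."""
    ports = []
    for _ in range(rounds):
        in_use = set()                    # mapping timed out, table entry gone
        ports.append(alloc(in_use))
    return ports


PHONE = ("192.168.1.50", 5060)            # constructed sample endpoint


def demo():
    consistent = rebind_after_timeout(lambda used: consistent_port(*PHONE, used))
    randomized = rebind_after_timeout(lambda used: random_port(used))
    return consistent, randomized


if __name__ == "__main__":
    c, r = demo()
    print("consistent:", c)               # same port every time the phone rebinds
    print("randomized:", r)               # a fresh port after each timeout
```

The consistent mapping is what lets the provider keep reaching the phone on the port it registered from, and it is also why the quoted note calls the pairs more predictable: the external port is a fixed function of the internal address and port.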