Article Applies To: 

Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260
TZ series: TZ210, TZ210 Wireless, TZ 200, TZ 200W, TZ 100, TZ 100W, TZ 190, 

Firmware versions: All Gen5 and Gen4 firmware versions (SonicOS Enhanced)

Please Note: This article applies to firmware version prior to SonicOS 


How to enable or disable a NAT policy from the Command Line Interface (CLI).


For this example, A Nat Policy for a FTP server will be used as shown in the screenshot below.


Also, verify on the Sonicwall Network > Interface page that SSH is enable for the WAN interface; click the configure button to see the Interface configuration page as shown below.


To connect to the Sonicwall’s CLI, connect the console cable to Sonicwall and a PC.

Open a Terminal Emulation Software like HyperTerminal or Putty.

Configure the following parameters to login to the Sonicwall CLI:

o    Bit per second: 115200

o    Data bits: 8

o    Parity: None

o    Stop bits: 1

o    Flow control: None

On the CLI page, login to the Sonicwall.


To Disable the Nat Policy, Enter the following commands:

·         Configure

·         Nat

·         Show nat                             (to see policies and get number for the policy to disable/enable)



·         Modify  #                             (to modify policy 14 enter  “modify 14”)


Just enabling or disabling the nat policy will not work, you have to make a change to it and then enable or disable it. For Example change the inbound-interface. 

·         Inbound-interface  any

·         No Enable                           disables NAT Policy

·         End                                     saves the changes and exits.

·         Show nat                             verifies policy is disabled


To Enable the Nat Policy, edit the inbound-interface and then use the enable command.

·         Inbound-interface  “X1”

·         Enable                                                   To re-enable NAT

·      End