NAT and system communications

If NAT is needed between SMC components, you must define Contact Addresses for the communications so that the components use the correct address for contact when needed.

Contact Addresses are used in a NAT environment for communications of SMC components with each other and with some external components that function as a part of the system. An example of these is a RADIUS server used for authenticating Administrators. Contact Addresses might also be needed for site-to-site VPNs and mobile VPNs.

The Firewall Template includes NAT rules which define that NAT is not done for communications between the firewall where the policy is installed and the Management Server and Log Server that the firewall uses. If these connections require NAT, the configuration must be done as explained here. Other system communications traversing the firewall can be translated as any other connections. However, Location and Contact Address definitions are usually still needed for those components so that they know the correct addresses to use with each other. See Situation where contact addresses are needed scenario.

Contact Addresses are defined for Locations, which is an element that represents all devices that are routable behind a particular interface of a NAT device. The components that need Contact Addresses are placed in the Locations according to the Contact Address they use.