Example: configuring NAT for dynamic source address translation

An example of configuring NAT for dynamic source address translation.

Company A uses private IP addresses that are not routable on the Internet in their internal network. The administrators need to translate the internal IP addresses to IP addresses that are routable on the Internet to make it possible to use external services. The administrators:
  1. Create an Address Range element “External Addresses” for two consecutive IP addresses from the pool of addresses that they have been assigned by their Internet service provider.
  2. Add a NAT rule to their Firewall Policy:
    Table 1. Dynamic translation rule for opening connections to the Internet
    Source:      “$ Local Protected Sites” Alias
    Destination: “NOT $ Local Protected Sites” Expression
    Service:     ANY
    NAT:         Source: Dynamic to External Addresses 1024–65535

    • The administrators use the whole range of high ports (1024–65535) for translating the addresses in this case.
    • Return address translation is done automatically. Therefore, a single rule suffices to cover all (client) hosts that only open connections themselves, and do not need to accept new connections coming from external networks.
  3. Refresh the Firewall Policy. All internal addresses are now hidden behind two IP addresses and a range of ports.
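To make concrete how the rule above behaves at run time, the following is an added Python model (example code, not Forcepoint or any vendor's implementation) of dynamic source translation with two consecutive external addresses and the high-port range 1024–65535; it also shows why return translation needs no second rule and why unsolicited inbound traffic has nowhere to go. The public range 203.0.113.10–11 and the internal hosts are constructed sample values.

```python
"""Model of dynamic source NAT with a pool of consecutive external addresses
and ports 1024-65535. Mappings are created only for outbound connections;
return traffic is translated back via the same table, unsolicited traffic is dropped."""
import ipaddress
from typing import Dict, Optional, Tuple

Conn = Tuple[str, int]  # (IP address, port)


class DynamicSourceNat:
    def __init__(self, first_external: str, count: int = 2,
                 low_port: int = 1024, high_port: int = 65535):
        base = ipaddress.IPv4Address(first_external)
        # "External Addresses": consecutive public IPs assigned by the ISP (constructed)
        self.externals = [str(base + i) for i in range(count)]
        self.ports = range(low_port, high_port + 1)
        self.outbound: Dict[Conn, Conn] = {}  # (internal ip, port) -> (external ip, port)
        self.inbound: Dict[Conn, Conn] = {}   # reverse table used for return traffic
        self._next = 0

    def capacity(self) -> int:
        # Maximum simultaneous mappings: addresses x high ports
        return len(self.externals) * len(self.ports)

    def _allocate(self) -> Conn:
        # Round-robin over the (external address, port) pool, skipping taken entries
        total = self.capacity()
        for _ in range(total):
            idx = self._next
            self._next = (self._next + 1) % total
            cand = (self.externals[idx // len(self.ports)], self.ports[idx % len(self.ports)])
            if cand not in self.inbound:
                return cand
        raise RuntimeError("NAT pool exhausted")

    def translate_outbound(self, src: Conn) -> Conn:
        # An internal client opens a connection: create (or reuse) its mapping
        if src not in self.outbound:
            ext = self._allocate()
            self.outbound[src] = ext
            self.inbound[ext] = src
        return self.outbound[src]

    def translate_inbound(self, dst: Conn) -> Optional[Conn]:
        # Reply traffic maps back automatically; anything without a mapping
        # (a connection opened from outside) gets None and is dropped
        return self.inbound.get(dst)
```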