Add NAT definitions for element-based NAT
NAT definitions define the NAT addresses for elements.
When you add a NAT definition to an engine, the NAT definition is also added to the elements that are included in the engine’s NAT configuration. You primarily configure NAT definitions in the Engine Editor. It is also possible to configure NAT definitions in a network element’s properties, depending on your permissions in the Domain to which the elements belong.
NAT definitions are automatically arranged in order from most specific to least specific: manually added NAT rules, then NAT definitions, and finally default NAT. If there is not a more specific match after the NAT rules, and the NAT definitions are checked, default NAT is used. This means that NAT rules that are generated from NAT definitions and from using the Default NAT Address do not override the rules that you have manually added to the Firewall Policy.
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor > Policies > Element-based NAT
Use this branch to add NAT definitions for element-based NAT. The NAT definition is also added to the elements that are included in the NAT configuration.
Option | Definition |
---|---|
Use Default NAT Address for Traffic from Internal Networks (Optional) |
The NGFW Engine uses the default NAT address as the public IP address if there is not a more specific NAT definition that matches the traffic. When you select this option, a NAT rule is generated at the end of the NAT rules in the policy. If no NAT rule matches the traffic, no NAT is applied unless you enable the Default NAT Address. |
Show Details | Opens the Default NAT Address Properties dialog box. |
Add NAT Definition | Creates a NAT Definition element and opens the element properties. |
Edit NAT Definition | Opens the properties of an existing NAT Definition element. |
Remove NAT Definition | Removes the selected row from the table. |
Default NAT Address Properties dialog box
Use this dialog box to view the internal networks associated with the Default NAT address.
Option | Definition |
---|---|
Default NAT Address | Used to automatically translate traffic from internal networks to the public IP address of the external interface. Note: When several IP addresses from
the same network are available, the SMC automatically selects the smallest IPv4 address as the default NAT address.
|
Internal Networks | Shows the internal networks that are translated to the public IP address of the external interface. |
NAT Definition Properties dialog box
Use this dialog box to define NAT Definition properties.
Option | Definition |
---|---|
Translation Type | Select the translation type.
|
Private IP Address | The element that represents the private IP address. Click Select to select an element. |
Public IP Address | Select the source of the public IP address.
|
Port Filter
(Optional) |
To limit NAT only to traffic that goes to selected destination ports, select a Service or Service Group element to act as a port filter. The Service or Service Group element includes the destination port information (a single destination port or a range of ports). Click Add to add an element to the list, or Remove to remove the selected element. |
Comment (Optional) |
A comment for your own reference. |