Example: configuring NAT for static address translation
An example of configuring NAT for static address translation.
Company A has set up the firewall to translate the IP addresses of all communications between the internal and the external network
dynamically. However, the company also has a mail server, which must be able to accept connections from external networks. For this, it
must have a fixed translated IP address. The administrators:
- Create the Host element “Mail Server” to represent the mail server’s private IP address.
- Create the Host element “Mail Server NAT” to represent the mail server’s public IP address.
- Add two new NAT rules above the general dynamic translation rule.
  - In this case, new connections can be opened both from the mail server and from external hosts, so two rules are necessary.
- Change the newly added NAT rules as follows:

  Table 1. Static translation rules for opening connections both ways

  | Source | Destination | Service | NAT |
  |---|---|---|---|
  | “Mail Server” Host element | “NOT $ Local Protected Sites” Expression | “SMTP” Service element | Source: Static from Mail Server to Mail Server NAT |
  | “NOT $ Local Protected Sites” Expression | “Mail Server NAT” Host | “SMTP” Service element | Destination: Static from Mail Server NAT to Mail Server |

  - The first rule is for connections that the mail server opens to external hosts.
  - The second rule is for connections that external hosts open to the mail server.
  - Return address translation is done automatically, so if connections were always opened from one end, a single rule would suffice.
- Refresh the Firewall Policy.
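
The following model of the rule table is an added example, not part of the product or its documentation. It shows why the two static rules sit above the general dynamic rule and why both directions need a rule. It assumes first-match evaluation (implied by the placement step), and all IP addresses, the 10.0.0.0/8 definition of Local Protected Sites, and the rule names are constructed for illustration.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the page)
LOCAL_PROTECTED_SITES = [ipaddress.ip_network("10.0.0.0/8")]
MAIL_SERVER = "10.1.1.25"       # "Mail Server" Host element (private address)
MAIL_SERVER_NAT = "192.0.2.25"  # "Mail Server NAT" Host element (public address)
DYNAMIC_NAT_IP = "192.0.2.1"    # address used by the general dynamic rule

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_PROTECTED_SITES)

def not_local(ip):
    # Models the "NOT $ Local Protected Sites" Expression
    return not is_local(ip)

# Rule = (name, source match, destination match, service port or None, (field, new address))
STATIC_OUT = ("static-out", lambda s: s == MAIL_SERVER, not_local, 25, ("src", MAIL_SERVER_NAT))
STATIC_IN = ("static-in", not_local, lambda d: d == MAIL_SERVER_NAT, 25, ("dst", MAIL_SERVER))
DYNAMIC = ("dynamic", is_local, not_local, None, ("src", DYNAMIC_NAT_IP))

def translate(rules, src, dst, port):
    """Return (rule name, translated src, translated dst) for a new connection.

    Rules are checked top-down and the first match wins (modelling assumption).
    """
    for name, src_ok, dst_ok, svc, (field, new_ip) in rules:
        if src_ok(src) and dst_ok(dst) and svc in (None, port):
            return (name, new_ip, dst) if field == "src" else (name, src, new_ip)
    return ("no-nat", src, dst)

CORRECT = [STATIC_OUT, STATIC_IN, DYNAMIC]     # order described in the procedure
MISORDERED = [DYNAMIC, STATIC_OUT, STATIC_IN]  # static rules below the dynamic rule
ONE_RULE = [STATIC_OUT, DYNAMIC]               # second static rule omitted

if __name__ == "__main__":
    external = "198.51.100.7"  # constructed external mail host
    for label, rules in (("correct", CORRECT), ("misordered", MISORDERED), ("one rule", ONE_RULE)):
        print(label)
        print("  outbound SMTP:", translate(rules, MAIL_SERVER, external, 25))
        print("  inbound SMTP: ", translate(rules, external, MAIL_SERVER_NAT, 25))
```

With the dynamic rule first, the mail server's outbound SMTP leaves from the shared dynamic address instead of its fixed one; with only the first static rule, a new inbound connection to the public address matches nothing.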