Add NAT definitions for element-based NAT
NAT definitions define the NAT addresses for elements.
When you add a NAT definition to an engine, the NAT definition is also added to the elements that are included in the engine’s NAT configuration. You primarily configure NAT definitions in the Engine Editor. It is also possible to configure NAT definitions in a network element’s properties, depending on your permissions in the Domain to which the elements belong.
NAT definitions are automatically processed in the following order from the most specific to the least specific:
- Manually added NAT rules in the Firewall Policy
- NAT definitions for element-based NAT
- Default NAT
If there is not a more specific match after the NAT rules and the NAT definitions are processed, default NAT is used. You can use NAT rules in the Firewall Policy to create exceptions to NAT definitions and default NAT.
Steps
- Right-click an engine element and select Edit <element type>.
- In the navigation pane on the left, browse to .
- Configure the settings, then click OK.
- Click Save and Refresh.
Engine Editor > Policies > Element-based NAT
Use this branch to add NAT definitions for element-based NAT. The NAT definition is also added to the elements that are included in the NAT configuration.
Option | Definition |
---|---|
Use Default NAT Address for Traffic from Internal Networks | Select an option to define how the NGFW Engine uses the default NAT address. When you select On or Automatic, a NAT rule is generated at the end of the IPv4 or IPv6 NAT rules in the policy. |
Show Details | Opens the Default NAT Address Properties dialog box. |
Add NAT Definition | Creates a NAT Definition element and opens the element properties. |
Edit NAT Definition | Opens the properties of an existing NAT Definition element. |
Remove NAT Definition | Removes the selected row from the table. |
Default NAT Address Properties dialog box
Use this dialog box to view the internal networks associated with the Default NAT address.
Option | Definition |
---|---|
Default NAT Address | Used to automatically translate traffic from internal networks to the public IP address of the external interface. Note: When several IP addresses from the same network are available, the SMC automatically selects the smallest IPv4 address as the default NAT address. |
Internal Networks | Shows the internal networks that are translated to the public IP address of the external interface. |
NAT Definition Properties dialog box
Use this dialog box to define NAT Definition properties.
Option | Definition |
---|---|
Translation Type | Select the translation type. |
Private IP Address | The element that represents the private IP address. Click Select to select an element. Note: Only Host, Server, or Network elements are allowed with static NAT. |
Public IP Address | Select the source of the public IP address. |
Port Filter (Optional) | To limit NAT only to traffic that goes to selected destination ports, select a Service or Service Group element to act as a port filter. The Service or Service Group element includes the destination port information (a single destination port or a range of ports). Click Add to add an element to the list, or Remove to remove the selected element. |
Comment (Optional) | A comment for your own reference. |
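The following Python model is an added example, not SMC or NGFW Engine code. It can be used to reason about which NAT stage handles an outbound connection under the processing order, port filter, and default NAT address selection described above. The `Rule` class, the function names, the first-match behavior within a stage, the "do not translate" manual rule, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    source: str                      # private host or network, CIDR notation
    translated: Optional[str]        # None models a "do not translate" exception
    ports: frozenset = frozenset()   # destination-port filter; empty = all ports

    def matches(self, src: str, dport: int) -> bool:
        net = ipaddress.ip_network(self.source, strict=False)
        return ipaddress.ip_address(src) in net and (not self.ports or dport in self.ports)

def default_nat_address(candidates):
    """Numerically smallest IPv4 address among the external interface addresses."""
    parsed = [ipaddress.ip_address(a) for a in candidates]
    return str(min(a for a in parsed if a.version == 4))

def resolve(src, dport, manual_rules, nat_definitions, internal_nets, external_ips):
    """Return (stage, translated source address) for one outbound connection."""
    # Most specific first: manual NAT rules, then NAT definitions, then default NAT.
    for stage, rules in (("manual NAT rule", manual_rules),
                         ("NAT definition", nat_definitions)):
        for rule in rules:
            if rule.matches(src, dport):
                return stage, rule.translated or src
    if any(ipaddress.ip_address(src) in ipaddress.ip_network(n) for n in internal_nets):
        return "default NAT", default_nat_address(external_ips)
    return "no NAT", src

# Constructed sample configuration (private and documentation address ranges).
MANUAL = [Rule("10.0.5.0/24", None)]                        # exception: leave untranslated
DEFINITIONS = [Rule("10.0.1.10/32", "203.0.113.10", frozenset({25, 587})),
               Rule("10.0.1.20/32", "203.0.113.20")]
INTERNAL = ["10.0.0.0/16"]
EXTERNAL = ["203.0.113.9", "203.0.113.2", "203.0.113.100"]

def audit():
    """Resolve a set of constructed flows against the sample configuration."""
    flows = [("10.0.5.7", 443), ("10.0.1.10", 25), ("10.0.1.10", 443),
             ("10.0.1.20", 443), ("10.0.9.9", 80), ("192.168.1.1", 80)]
    return {f: resolve(f[0], f[1], MANUAL, DEFINITIONS, INTERNAL, EXTERNAL) for f in flows}

if __name__ == "__main__":
    for flow, result in audit().items():
        print(flow, "->", result)
```

In this model, the host 10.0.1.10 is translated by its NAT definition only for the filtered ports and falls through to default NAT for everything else, which is the kind of unintended egress address worth checking for when reviewing a policy.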