Add NAT rules to forward traffic

For more complex environments where you already use NAT rules, use NAT rules to forward traffic.

If the proxy service is in the cloud, a rule is needed to forward the matching traffic to the proxy service. If the proxy service is on premises, a rule is needed to forward the matching traffic to the proxy service and a second rule is needed to allow the connection from the proxy service to the original destination.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Policies > Firewall Policies.
  3. Right-click a policy, then select Edit Firewall Policy.
  4. Add a rule that forwards traffic to the proxy service.
    Source Destination Service NAT
    Original source address of the traffic. For example, clients in the internal network. Original destination address of the traffic. For example, a web server. The HTTP and TLS Network Application elements.

    On the Source translation tab, select Dynamic as the Translation Type, then select the Outbound Multi-Link element that represents your public IP addresses. If you have only one IP address, click Address, then enter the address.

    On the Destination translation tab, select Forward to Proxy as the Translation Type, then select your Proxy Server element.
  5. (If the proxy service is on premises) Add a rule that allows traffic from the proxy service to the original destination.
    Source Destination Service NAT
    Proxy Server Original destination address of the traffic. For example, a web server. The HTTP and TLS Network Application elements. On the Source translation tab, select Dynamic as the Translation Type, then select the Outbound Multi-Link element that represents your public IP addresses. If you have only one IP address, click Address, then enter the address.
    Make sure that you add this rule above the rule in the previous step to avoid potential loops if the proxy service is located in the same internal network as the clients.