    Creating NAT Policies

    Use the Network Address Translation (NAT) policy page to perform basic NAT configuration.

    NAT is a form of network masquerading where you can hide devices between zones or interfaces. NAT modifies the IP addresses of the packets moving between the trust and untrust zones. A trust zone is a segment of the network where security measures are applied. It is usually assigned to the internal LAN. An untrust zone is the Internet.

    Whenever a packet arrives at a NAT device, the device performs a translation on the IP address of the packet by rewriting it with an IP address that was specified for external use. After translation, the packet appears to have originated from the gateway rather than from the original device within the network. This process hides your internal IP addresses from the other networks and keeps your network secure.

    Also, NAT permits you to use more internal IP addresses. Because these IP addresses are hidden, there is no risk of conflict with an IP address from a different network. This feature helps you conserve IP addresses.

    Before You Begin

    Configuring NAT Policy Settings

    To configure a NAT policy:

    • Select Configure > NAT Policy > Policies.
    • Click the plus sign (+) to create a new NAT policy.
    • Complete the configuration according to the guidelines provided in Table 1.

      A new NAT policy is created. After you create an IPS policy, add rules in one or more rulebases to select that policy to be the active policy on your device; see Creating NAT Rules. You can also assign a NAT policy to a domain; see Assigning Policies and Profiles to Domains.

    Table 1: NAT Policy Settings

    Setting: Guideline

    Names: Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters.

    Description: Enter a description for the NAT policy; maximum length is 255 characters.

    Policy Options

      Auto ARP Configuration: Select this option to respond to incoming Address Resolution Protocol (ARP) requests. ARP translates IPv4 addresses to MAC addresses.

      Type: Select the type of NAT policy you want to create:

      • Group policy
      • Device policy

    Device Selection

      Device Selection: Select the devices on which the group policy will be published. Select these devices from the Available column and move them to the Selected column.

      You can also search for the devices in the search field available in both Available and Selected columns. You can search these devices by entering the device name, device IP address, or device tag.

      Note: During a device assignment for a group policy, only devices from the current and child domains (with view parent enabled) are listed. Devices in the child domain with view parent disabled are not listed.

      Devices: Select the device on which the device policy will be published. During a device assignment for a device policy, only devices from the current domain are listed.

    Policy Sequence

      Policy Placement: Select an option to place the newly created global policy either before the existing device policies or after the device policies. Once you select the policy placement for your global policy, you can choose the sequence number.

      Policy Sequence No.: Click Select to reorder your NAT policy among the existing device policies.
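
The Table 1 guidelines can be checked before a batch of policy definitions is entered in the UI. The following is an added example, not Juniper code; the dictionary keys, the ASCII-only reading of "alphanumeric", case-sensitive uniqueness, the requirement that a group policy carries a placement, and the one-device rule for device policies are assumptions.

```python
import re

# Table 1 "Names" rule: alphanumerics, colons, periods, dashes, underscores;
# no spaces; at most 255 characters. ASCII-only matching is an assumption.
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,255}")


def validate_policies(policies):
    """Return {index: [problems]} for entries that break a Table 1 guideline."""
    problems, seen = {}, set()
    for i, p in enumerate(policies):
        errs = []
        name = p.get("name", "")
        if not NAME_RE.fullmatch(name):
            errs.append("name: invalid characters or length")
        elif name in seen:
            errs.append("name: not unique")
        seen.add(name)
        if len(p.get("description", "")) > 255:
            errs.append("description: longer than 255 characters")
        ptype = p.get("type")
        devices = p.get("devices", [])
        if ptype == "group":
            if not devices:
                errs.append("devices: group policy has no devices selected")
            # Assumption: placement is recorded as "before" or "after".
            if p.get("placement") not in ("before", "after"):
                errs.append("placement: must be before or after device policies")
        elif ptype == "device":
            # Assumption: a device policy is published to exactly one device.
            if len(devices) != 1:
                errs.append("devices: device policy needs exactly one device")
        else:
            errs.append("type: must be group or device")
        if errs:
            problems[i] = errs
    return problems

# Constructed sample input; policy and device names are made up.
SAMPLE = [
    {"name": "branch-nat_v1", "description": "Branch source NAT",
     "type": "group", "devices": ["srx-a", "srx-b"], "placement": "before"},
    {"name": "hq nat", "type": "device", "devices": ["srx-hq"]},
    {"name": "branch-nat_v1", "type": "device", "devices": []},
    {"name": "edge:nat.2", "description": "x" * 256, "type": "group",
     "devices": []},
]

if __name__ == "__main__":
    print(validate_policies(SAMPLE))
```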

    Modified: 2016-06-14