Create a Source NAT

You are here: Network > NAT > Policies.

To create a source NAT:

  1. Click Create > Source NAT on the upper-right side of the Policies page.

    The inline creation fields will appear.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click the tick icon on the right side of the row when you have completed the configuration.

Table 1: Fields on the Policies Page—Create Source NAT

Field

Description

Rule Name > Name

Enter a unique source NAT rule name.

Source Ingress
Select Sources

Source ingress type

Select an option from the list for ingress traffic that originates from inside the network:

  • Zone

  • Interface

  • Routing Instance

Zone

Select the source zones in the Available column and use the right arrow to move them to the Selected column.

Note:

This option is available only if you select source ingress type as Zone.

Interface

Select the source interfaces in the Available column and use the right arrow to move them to the Selected column.

Note:

This option is available only if you select source ingress type as Interface.

Routing instance

Select the source routing instances in the Available column and use the right arrow to move them to the Selected column.

Note:

This option is available only if you select source ingress type as Routing Instance.

Addresses

Select the source addresses in the Available column and use the right arrow to move them to the Selected column.

To create a new address:

  1. Click +.

    The Create Address page appears.

  2. Enter the following details:

    • Name—Optional. Enter a unique name for the source address.

    • Description—Enter a description for the source address.

    • Host IP—Enter an IPv4 or IPv6 host address.

Ports/Port range

Click + to enter a port number or a port range (for example, 1-5) with minimum and maximum values for the source.

Range: 0 through 65535.

To edit a port number or port range, select it and click the pencil icon.

To delete a port number or port range, select it and click the delete icon.

Destination Egress
Select Destination

Destination egress type

Select an option from the list for outgoing traffic that originates from inside the device network:

  • Zone

  • Interface

  • Routing Instance

Zone

Select the destination zones in the Available column and use the right arrow to move them to the Selected column.

Note:

This option is available only if you select destination egress type as Zone.

Interface

Select the destination interfaces in the Available column and use the right arrow to move them to the Selected column.

Note:

This option is available only if you select destination egress type as Interface.

Routing instance

Select the destination routing instances in the Available column and use the right arrow to move them to the Selected column.

Note:

This option is available only if you select destination egress type as Routing Instance.

Addresses

Select the destination addresses in the Available column and use the right arrow to move them to the Selected column.

To create a new address:

  1. Click +.

    The Create Address page appears.

  2. Enter the following details:

    • Name—Optional. Enter a unique name for the destination address.

    • Description—Enter a description for the destination address.

    • Host IP—Enter an IPv4 or IPv6 host address.

Ports/Port range

Click + to enter a port number or a port range (for example, 1-5) with minimum and maximum values for the destination.

Range: 0 through 65535.

To edit a port number or port range, select it and click the pencil icon.

To delete a port number or port range, select it and click the delete icon.

Applications
Select Applications

Applications

Select an application option:

  • Any—Any applications you want to associate with the NAT policy.

  • Specific—Select the applications in the Available column and use the right arrow to move them to the Selected column.

  • None—No applications selected to associate with the NAT policy.

Protocols
Select Protocols

Protocols

Select the protocols in the Available column and use the right arrow to move them to the Selected column.

Add Protocol

Click + and enter a protocol number to associate with the NAT policy.

Range is 0 through 255.

Actions
Actions

Translation type

Select an option:

  • None—No translation is performed for the incoming traffic.

  • Interface—Performs interface-based translations on the source traffic.

  • Pool—Performs pool-based translations on the source traffic.

Source pool

Select a source pool from the list.

Click Add New to create a new source NAT pool. For more information on field options, see Create a Source NAT Pool.

Persistent

Enable this option for mapping all requests from the same internal transport address to the same reflexive transport address.

Persistent NAT type

Select an option from the list:

  • any-remote-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. Any external host can send a packet to the internal host by sending the packet to the reflexive transport address.

  • target-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host's IP address.

  • target-host-port—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host's IP address and port.

Inactivity timeout

Enter the amount of time that the persistent NAT binding remains in the site's memory when all the sessions of the binding entry have ended.

Range is 60 through 7200 seconds.

Maximum session number

Enter the maximum number of sessions with which a persistent NAT binding can be associated.

Range is 8 through 65536.

Description

Enter the description for the source NAT.
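
The three Persistent NAT type options map an internal address to the same reflexive transport address and differ only in which external senders may reach that binding. The model below is an added example, not Juniper code; the PersistentNat class, the inbound_matrix function, the addresses, and the port allocator are constructed for illustration.

```python
TYPES = ("any-remote-host", "target-host", "target-host-port")

class PersistentNat:
    """Toy model of persistent NAT bindings and their inbound filter (not vendor code)."""

    def __init__(self, nat_type, public_ip="203.0.113.10"):
        if nat_type not in TYPES:
            raise ValueError(f"unknown persistent NAT type: {nat_type}")
        self.nat_type = nat_type
        self.public_ip = public_ip      # constructed documentation address
        self.next_port = 40000          # constructed port allocator
        self.bindings = {}              # internal (ip, port) -> reflexive (ip, port)
        self.contacted = {}             # reflexive -> set of external (ip, port) sent to

    def outbound(self, internal, external):
        """Internal host sends a packet; the same internal address reuses its binding."""
        if internal not in self.bindings:
            self.bindings[internal] = (self.public_ip, self.next_port)
            self.next_port += 1
        reflexive = self.bindings[internal]
        self.contacted.setdefault(reflexive, set()).add(external)
        return reflexive

    def inbound(self, external, reflexive):
        """Return the internal address a packet is delivered to, or None if dropped."""
        internal = next((i for i, r in self.bindings.items() if r == reflexive), None)
        if internal is None:
            return None                 # no binding for this reflexive address
        seen = self.contacted[reflexive]
        if self.nat_type == "any-remote-host":
            allowed = True
        elif self.nat_type == "target-host":
            allowed = any(ip == external[0] for ip, _port in seen)
        else:                           # target-host-port
            allowed = external in seen
        return internal if allowed else None


def inbound_matrix(nat_type):
    """Which external senders reach 10.0.0.5:5060 after it contacted one peer."""
    nat = PersistentNat(nat_type)
    inside, peer = ("10.0.0.5", 5060), ("198.51.100.7", 5060)
    reflexive = nat.outbound(inside, peer)
    senders = {"contacted host and port": peer,
               "contacted host, other port": ("198.51.100.7", 9999),
               "never-contacted host": ("192.0.2.99", 5060)}
    return {name: nat.inbound(src, reflexive) == inside for name, src in senders.items()}
```

Calling inbound_matrix for each type shows the filter narrowing from any-remote-host to target-host-port, which helps when choosing the most restrictive type an application can tolerate.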