Advanced - Creating and Editing NAT Rules

On the Access Policy > NAT Manual Rules page you can create and edit custom NAT rules. If servers with NAT are configured, the manual NAT rules do not apply to them. However, they do apply even when Hide NAT is activated.

Note - For the majority of cases, manual NAT rules are not necessary. There is no need to use this option unless you are an experienced network administrator. See the Access Policy > NAT Control page for the commonly used options.

These are the fields that manage the NAT rules.

| Rule Base Field | Description |
|---|---|
| Original Source | The network object (a specified IP address) or network group object (a specified IP address range) that is the original source of the connections to translate. |
| Original Destination | The network object (a specified IP address) or network group object (a specified IP address range) that is the original destination of the connections to translate. |
| Original Service | The original service used for the connections to translate. |
| Translated Source | The network object or network group object that is the new source to which the original source is translated. |
| Translated Destination | The network object or network group object that is the new destination to which the original destination is translated. |
| Translated Service | The new service to which the original service is translated. |

To create a new NAT rule:

  1. Click the arrow next to New.

  2. Click one of the available positioning options for the rule: On Top, On Bottom, Above Selected, or Under Selected.

    The Add Rule window opens. It shows the rule fields in two ways:

    • A rule summary sentence with default values.

    • A table with the rule base fields.

  3. Click the links in the rule summary or the table cells to select network objects or options that fill out the Rule Base fields. See the descriptions above.

  4. In the Write a comment field, enter optional text that describes the rule. This is shown as a comment below the rule in NAT Manual Rules.

  5. Select the Hide multiple sources behind the translated source address/es option if you want the original source to contain multiple IP addresses, IP ranges, networks, etc. and the translated source to be a single IP address.

    When this option is not selected, you can still use an IP range in the Original Source and a different IP range of the same size in the Translated Source. This rule does the IP address translation from one range to another, respectively (the first IP in the first range is translated to the first IP in the second range, etc.).

  6. Click Apply.
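The following is an added example, not part of the original documentation or the appliance's own code. It models the two source-translation behaviors described in step 5 so you can check which translated address a given host will appear as, for example when correlating firewall logs. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_range(text):
    """Parse 'first-last' (or a single IP) into an inclusive (first, last) pair."""
    first, _, last = text.partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address((last or first).strip())
    if lo.version != hi.version or int(hi) < int(lo):
        raise ValueError(f"invalid range: {text}")
    return lo, hi

def size(rng):
    """Number of addresses in an inclusive (first, last) pair."""
    return int(rng[1]) - int(rng[0]) + 1

def translate_source(ip, original, translated, hide=False):
    """Return the translated source for ip, or None if ip is outside Original Source."""
    ip = ipaddress.ip_address(ip)
    orig, trans = parse_range(original), parse_range(translated)
    if orig[0].version != trans[0].version:
        raise ValueError("original and translated must be the same IP version")
    if hide:
        # Hide option selected: many original sources, one translated IP.
        if size(trans) != 1:
            raise ValueError("hide mode expects a single translated IP")
    elif size(orig) != size(trans):
        # Hide option not selected: both ranges must be the same size.
        raise ValueError("ranges must be the same size when hide is not selected")
    if ip.version != orig[0].version or not (orig[0] <= ip <= orig[1]):
        return None
    if hide:
        return str(trans[0])
    # First IP maps to first IP, second to second, and so on (same offset).
    return str(trans[0] + (int(ip) - int(orig[0])))

if __name__ == "__main__":
    # Constructed sample ranges (private and documentation address space).
    ORIG, TRANS = "192.168.1.10-192.168.1.19", "203.0.113.50-203.0.113.59"
    for host in ("192.168.1.10", "192.168.1.14", "192.168.1.20"):
        print(host, "->", translate_source(host, ORIG, TRANS))
    print("hide:", translate_source("192.168.1.14", ORIG, "203.0.113.50", hide=True))
```

With range-to-range translation each translated address identifies exactly one original host; with the hide option every original source shares one translated address, so the address alone does not identify the originating host.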

To edit a rule:

Note - For Access Policy rules, you can only edit the tracking options for automatically generated rules.

  1. Select a rule and click Edit.

  2. Edit the fields as necessary.

  3. Click Apply.

To delete a rule:

  1. Select a rule and click Delete.

  2. Click Yes in the confirmation message.

To enable or disable a rule:

  • To disable a manually defined rule that you have added to the rule base, select the rule and click Disable.

  • To enable a manually defined rule that you have previously disabled, select the rule and click Enable.

To change the rule order:

  1. Select the rule to move.

  2. Drag and drop it to the necessary position.

Note - You can only change the order of manually defined rules.