Add Network Dynamic NAT Rules

The default configuration of dynamic NAT enables dynamic NAT from all private IP addresses to the external network. The default entries are:

  • 192.168.0.0/16 – Any-External
  • 172.16.0.0/12 – Any-External
  • 10.0.0.0/8 – Any-External

These three network addresses are the private networks reserved by the Internet Engineering Task Force (IETF) and are usually used for the IP addresses on LANs. To enable dynamic NAT for private IP addresses other than these, you must add dynamic NAT rules for them. The Firebox applies the dynamic NAT rules in the sequence that the entries appear in the Dynamic NAT list. We recommend that you put the rules in a sequence that matches the volume of traffic the rules apply to.

By default, dynamic NAT rewrites the source IP address of packets to use the primary IP address of the interface from which the packet is sent. When you add a dynamic NAT rule, you can optionally specify a different source IP address to use for packets that match that rule.

If you set the source IP address, the Firebox changes the source IP address for packets that match this rule to the source IP address you specify. The source IP address must be on the same subnet as the primary or secondary IP address of the interface you specified as the To location in the dynamic NAT rule.

If you set the source IP address, and the To location in the network dynamic NAT rule specifies an alias, such as Any-External, that includes more than one interface, the source IP address is used only for traffic that leaves an interface that has an IP address on the same subnet as the source IP address.

For more information, see About Dynamic NAT Source IP Addresses.
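
The following Python model is an added example, not WatchGuard code. It shows how rule order and the optional source IP address combine to select the translated source address on each egress interface. The class and function names, interface names, and addresses are constructed for illustration. It assumes that the first matching rule in the list wins, and that a packet falls back to the interface's primary IP address when the set source IP address is not on a subnet of the egress interface.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    addresses: list        # CIDR strings; the first entry is the primary IP

@dataclass
class DynamicNatRule:
    from_net: str          # From: source network
    to_interfaces: set     # To: interface names the alias expands to
    source_ip: str = None  # optional "set source IP" value

def on_subnet(ip, cidrs):
    """True if ip falls inside the subnet of any interface address in cidrs."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_interface(c).network for c in cidrs)

def valid_source_ip(rule, interfaces):
    """A set source IP must share a subnet with some IP of a To interface."""
    cidrs = [c for i in interfaces if i.name in rule.to_interfaces for c in i.addresses]
    return rule.source_ip is None or on_subnet(rule.source_ip, cidrs)

def translated_source(packet_src, egress, rules):
    """Source IP after dynamic NAT, or None when no rule matches."""
    src = ipaddress.ip_address(packet_src)
    for rule in rules:     # evaluated in list order; first match wins (assumption)
        if egress.name in rule.to_interfaces and src in ipaddress.ip_network(rule.from_net):
            if rule.source_ip and on_subnet(rule.source_ip, egress.addresses):
                return rule.source_ip
            # Default, and assumed fallback when the set IP is off-subnet here
            return str(ipaddress.ip_interface(egress.addresses[0]).ip)
    return None

# Constructed sample data (documentation address ranges, hypothetical names)
EXT1 = Interface("External-1", ["203.0.113.2/24", "198.51.100.2/24"])
EXT2 = Interface("External-2", ["192.0.2.2/24"])
ANY_EXTERNAL = {"External-1", "External-2"}
RULES = [
    DynamicNatRule("10.0.1.0/24", ANY_EXTERNAL, source_ip="203.0.113.10"),
    DynamicNatRule("192.168.0.0/16", ANY_EXTERNAL),
    DynamicNatRule("172.16.0.0/12", ANY_EXTERNAL),
    DynamicNatRule("10.0.0.0/8", ANY_EXTERNAL),
]

if __name__ == "__main__":
    for iface in (EXT1, EXT2):
        print(iface.name, translated_source("10.0.1.5", iface, RULES))
```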

Delete a Dynamic NAT Rule

You cannot change an existing dynamic NAT rule. If you want to change an existing rule, you must delete the rule and add a new one.

To delete a dynamic NAT rule:

  1. Select the rule to delete.
  2. Click Remove.
    A warning message appears.

Reorder Dynamic NAT Rules

To change the sequence of the dynamic NAT rules:

  1. Select the rule to change.
  2. Click Up or Down to move it in the list.

See also

About Dynamic NAT
