You can apply Network Address Translation (NAT) rules to a policy. You can select 1-to-1 NAT or Dynamic NAT.
- Add or edit a policy.
- Select the Advanced tab.
- Select one of the options described in the next sections.
1-to-1 NAT
With this type of NAT, the Firebox uses private and public IP ranges that you set, as described in About 1-to-1 NAT.
Dynamic NAT
With this type of NAT, the Firebox maps private IP addresses to public IP addresses. All policies have dynamic NAT enabled by default.
Select Use Network NAT Settings if you want to use the dynamic NAT rules set for the Firebox.
Select All traffic in this policy if you want to apply NAT to all traffic in this policy.
In the Set Source IP field, you can select a dynamic NAT source IP address for any policy that uses dynamic NAT. This makes sure that any traffic that uses this policy shows a specified address from your public or external IP address range as the source. This is helpful if you want to force outgoing SMTP traffic to show your domain’s MX record address when the IP address on the Firebox external interface is not the same as your MX record IP address.
1-to-1 NAT rules have higher precedence than dynamic NAT rules.