Configure Firebox Static NAT Actions

Applies To: Cloud-managed Fireboxes

Static NAT (SNAT), also known as port forwarding, is a port-to-host NAT. Static NAT actions define forwarding rules for inbound traffic. To forward inbound traffic, use a static NAT action as the destination in an inbound policy.

A static NAT action can contain one or more forwarding rules. In each forwarding rule, you specify:

  • The external network or IP address that receives the inbound traffic.
  • The internal IP address the Firebox forwards the traffic to.

In the advanced settings for a rule, you can optionally configure:

  • Destination port for forwarded traffic. This is known as port address translation (PAT).
  • Source IP address for forwarded traffic. When the Firebox receives a connection that matches the parameters in your static NAT action, the Firebox changes the source IP address to the IP address that you specify.

Add a Static NAT Action

To add a Static NAT action, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Static NAT tile.
  5. Click Add Static NAT.
    The Add Static NAT dialog box opens.

Screen shot of the Add Static NAT dialog box

  1. In the Name text box, type a name for the static NAT action.
  2. In the Description text box, type a description.
  3. To add a forwarding rule to the Static NAT action, click Add Rule.
    The Add Rule page opens.

Screen shot of the Add Rule page

  1. From the External text box, select an external network name or IP address. Or, select the built-in alias Any-External.
  2. In the Interface IP Address text box, type the IP address you want to forward traffic to.
  3. To see advanced settings, click Advanced Settings.

Screen shot of the Advanced Settings for an SNAT rule

  1. To enable port address translation (PAT), in the Destination Port text box, type the destination port to set in forwarded traffic.
  2. To set the source IP address, in the Source IP Address text box, type the source IP address to set in forwarded traffic.
  3. Click Save.
  4. To add another forwarding rule to this action, click Add Member, and complete the previous steps to define the rule.
  5. Click Save.

Use a Static NAT Action in a Firewall Policy

After you configure a static NAT action, you can use it as the destination in an inbound policy. The policy uses the rules in the static NAT action to forward traffic to internal destinations.

You can add only one static NAT action as a policy destination.

To add a static NAT action as a policy destination:

  1. Edit the inbound firewall policy.
  2. In the Source and Destination settings of the policy, click Add Destination.
  3. From the Type drop-down list, select Static NAT.

Screen shot of the Add Destination Address dialog box, with the Static NAT type selected

  1. Select the static NAT action to use for this policy.
  2. Click Add.
  3. Configure other policy settings, and click Save.

See Also

Configure the Source and Destination in a Firewall Policy