In policy-based dynamic NAT, the XTM device maps private IP addresses to public IP addresses. Dynamic NAT is enabled in the default configuration of each policy. You do not have to enable it unless you previously disabled it.
For policy-based dynamic NAT to work correctly, use the Policy tab of the Edit Policy Properties dialog box to make sure the policy is configured to allow traffic out through only one XTM device interface.
1-to-1 NAT rules have higher precedence than dynamic NAT rules. Policy-based dynamic NAT has higher precedence than network dynamic NAT.
To configure dynamic NAT settings in a policy:
If you select All traffic in this policy, the XTM device changes the source IP address for each packet handled by this policy to the primary IP address of the interface from which the packet is sent, or the source IP address configured in the network dynamic NAT settings. You can optionally set a different dynamic NAT source IP address for traffic handled by this policy.
To set the source IP address in the policy:
When you select a source IP address, any traffic that uses this policy shows the specified address from your public or external IP address range as the source. This is most often used to force outgoing SMTP traffic to show the MX record address for your domain when the IP address on the XTM device external interface is not the same as your MX record IP address.
We recommend that you do not use the Set source IP option if you have more than one external interface configured on your XTM device. If you use the Set source IP option in a policy, do not enable policy-based routing with failover in the policy settings.
For more information about dynamic NAT source IP addressing options, see About Dynamic NAT Source IP Addresses.
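The guidance above can be checked mechanically during a policy review. The following is an added example, not WatchGuard code: the `Policy` model, its field names and the sample addresses are hypothetical and constructed for illustration (this is not the XTM configuration format), and it assumes no source IP address is configured in the network dynamic NAT settings.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional

@dataclass
class Policy:                            # hypothetical model, not the XTM config format
    name: str
    port: int
    out_interfaces: List[str]            # interfaces the policy allows traffic out through
    dynamic_nat: bool = True             # enabled by default in each policy
    set_source_ip: Optional[str] = None  # the "Set source IP" option
    pbr_failover: bool = False           # policy-based routing with failover

def effective_source(policy: Policy, externals: Dict[str, str]) -> Optional[str]:
    """Source IP that policy-based dynamic NAT applies, or None if it cannot be determined.
    Assumes no source IP is configured in the network dynamic NAT settings."""
    if not policy.dynamic_nat or len(policy.out_interfaces) != 1:
        return None
    return policy.set_source_ip or externals.get(policy.out_interfaces[0])

def lint_policy(policy: Policy, externals: Dict[str, str], mx_ip: str) -> List[str]:
    """Return findings for one policy; an empty list means it follows the guidance."""
    findings = []
    if not policy.dynamic_nat:
        return findings
    if len(policy.out_interfaces) != 1:
        findings.append("policy must allow traffic out through only one interface")
    if policy.set_source_ip:
        if len(externals) > 1:
            findings.append("Set source IP used with more than one external interface")
        if policy.pbr_failover:
            findings.append("Set source IP combined with policy-based routing failover")
    src = effective_source(policy, externals)
    if policy.port == 25 and src and ip_address(src) != ip_address(mx_ip):
        findings.append(f"outgoing SMTP shows {src}, MX record address is {mx_ip}")
    return findings

# Constructed sample data (documentation address ranges).
EXTERNALS = {"External": "203.0.113.2"}
MX_IP = "203.0.113.25"
POLICIES = [
    Policy("SMTP-out", 25, ["External"]),
    Policy("SMTP-out-fixed", 25, ["External"], set_source_ip="203.0.113.25"),
    Policy("HTTP-out", 80, ["External", "External-2"], set_source_ip="203.0.113.9", pbr_failover=True),
]

if __name__ == "__main__":
    for p in POLICIES:
        print(p.name, lint_policy(p, EXTERNALS, MX_IP) or "ok")
```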
Dynamic NAT is enabled in the default configuration of each policy. To disable dynamic NAT for a policy: