Managing NAT Policy Rules
Use the NAT Policy Rule page to get an overall, high-level view of the settings of your NAT policy rules. Details help you keep track of the number and order of rules for each policy. You can filter and sort this information to focus on the rules you want to view.
Creating NAT Policy Rules
NAT processing centers on the evaluation of NAT rule sets and rules. A rule set determines the overall direction of the traffic to be processed. After a rule set that matches the traffic is found, each rule in the rule set is evaluated for a match. NAT rules can match on the following packet information:
Source and destination address
Source port (for source and static NAT only)
Destination port
The first rule in the rule set that matches the traffic is used. If a packet matches a rule in a rule set during session establishment, traffic is processed according to the action specified by that rule.
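Because the first matching rule is used, a broad rule placed above a narrower one keeps the narrower rule from ever being applied. The following Python is an added example, not vendor code: it models first-match evaluation on source address, destination address, and destination port only (source port is left out), and reports rules that are fully covered by an earlier rule. The rule names and addresses are constructed.

```python
# Added illustration: first-match NAT rule evaluation and shadowed-rule check.
# Simplified model (assumption): a rule matches on source prefix, destination
# prefix and an optional destination port. All sample data is constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class NatRule:
    name: str
    src: str                         # source prefix, e.g. "192.0.2.0/24"
    dst: str                         # destination prefix
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, src_ip, dst_ip, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.dst_port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dst_port is None or self.dst_port == other.dst_port))

def first_match(rules, src_ip, dst_ip, port):
    """Return the first rule, in list order, that matches the packet."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule
    return None

def shadowed(rules):
    """Return (shadowed_rule, shadowing_rule) name pairs, in rule order."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed rule set using documentation address ranges.
RULES = [
    NatRule("any-to-dmz", "0.0.0.0/0", "203.0.113.0/24"),
    NatRule("web-to-dmz", "198.51.100.0/24", "203.0.113.10/32", 443),
    NatRule("lan-out", "192.0.2.0/24", "0.0.0.0/0"),
]
```

Running `shadowed(RULES)` on an exported rule list before deployment shows which rules need to be moved above the broader rule that hides them.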
To create a new NAT policy, click on the NAT policy name; the NAT Policy page appears, providing you with options to configure NAT rules. You can configure the following types of NAT rules:
Source
Static
Destination
Depending on the type of rule you have chosen, some fields in the rule will not be applicable. In addition to defining rules between zones and interfaces, you can define NAT rules with virtual routers defined on the device. These rules can be successfully published and updated on the device.
To create a NAT policy rule:
- Select Configuration > NAT > NAT Policies.
The NAT Policies page appears, displaying the existing NAT policies.
- Click on the name of the NAT policy for which you want to create rules.
The NAT Policy page appears.
- Click Create and select either Source or Static. The page displays fields for creating a NAT policy rule.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel instead.
A NAT policy rule with the configuration you provided is created.
Table 1 provides guidelines on using the fields on the create NAT policy rule page.
Table 1: Fields on the Create NAT Policy Rule Page
Field | Description |
---|---|
Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters. |
Source Packet | Select the source packet to which the NAT policy rule applies, from the available list. A source packet can be an address, a protocol, or a port. |
Destination Packet | Select the destination packet to which the NAT policy rule applies, from the available list. A destination packet can be an address, a service, or a port. |
Translated Packet | Translated source or destination packet. |
Translation Type | Specify the translation type for the incoming traffic, from the following options:
If you create a static NAT policy rule, the value of the Translation Type field is Address by default. You can provide the translation address in the Translated Address field or choose the Corresponding IPv4 address. |
Translated Address (Only for static NAT policy rule) | Select an address from the available list. |
End Points | Create source and destination endpoints such as addresses and services.
To edit the configured parameters of an address or service, hover over it and click on the edit icon (pencil symbol). |
Editing NAT Policy Rules
To modify the parameters configured for a NAT policy rule:
- Select Configuration > NAT > NAT Policies.
The NAT Policies page appears, displaying the NAT policies.
- Select the NAT policy whose rules you want to edit.
The selected NAT Policy appears, displaying the rules associated with the NAT policy.
- Hover over the NAT policy rule that you want to modify and click on the edit icon (pencil symbol) that appears on the right side of the NAT policy rule. The page changes to display the same fields that you use to create a NAT policy rule.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel instead.
The modified NAT policy rule appears on the NAT Policy page.
Cloning NAT Policy Rules
To clone a NAT policy rule:
- Select Configuration > NAT > NAT Policies.
The NAT Policies page appears, displaying the NAT policies.
- Select the NAT policy whose rule you want to clone.
The selected NAT Policy appears, displaying the rules associated with the NAT policy.
- Hover over the NAT policy rule that you want to clone and click on the clone icon that appears on the right side of the NAT policy rule.
The cloned NAT policy rule appears below the current rule.
You can modify the parameters configured for the cloned NAT policy rule or rename it as required.
Deleting NAT Policy Rules
To delete a NAT policy rule:
- Select Configuration > NAT > NAT Policies.
The NAT Policies page appears, displaying the NAT policies.
- Select the NAT policy whose rule you want to delete.
The selected NAT Policy appears, displaying the rules associated with the NAT policy.
- Hover over the NAT policy rule you want to delete and then click the delete icon (X).
An alert message appears, verifying that you want to delete your selection.
- Click Yes to delete the selection. If you do not want to delete, click Cancel instead.
If you click Yes, the selected NAT policy rule is deleted.
Deploying NAT Policy Rules
To deploy a NAT policy rule:
- Select Configuration > NAT Policy > Policies.
- Click on the name of the NAT policy rules displayed.
The NAT policy rule page appears.
- Click Deploy.
The Deploy page appears.
- Configure your deployment as required. See Deploying Policies.
All the NAT policy rules associated with the NAT policy are deployed. That is, the entire NAT policy is deployed.
Note: By default, all the NAT policy rules associated with the NAT policy (the entire NAT policy) are deployed when you click Deploy. Even if you select a particular NAT policy rule and click Deploy, all the NAT policy rules associated with that NAT policy are deployed.