Configuring the NAT policy
The NAT policy can be configured in Configuration > Security Policy > Filter - NAT, NAT tab.
Create the following rules for the purposes of our reference architecture:
- One rule for outgoing traffic,
- One rule for incoming traffic.
Creating a rule for outgoing traffic
- Click on New rule > Single rule.
- Double-click on the number of the new rule to edit it; a new window will open.
- In the General tab, Status field: select On.
- In the Original source tab, Source hosts field: select Network_in.
- In the Original destination tab:
  - General sub-tab, Destination hosts field: select Internet.
  - Advanced properties tab, Outgoing interface tab: select out.
- In the Translated source tab:
  - Translated source host field: select Firewall_out.
  - Translated source port field: select ephemeral_fw.
  - Select Choose random translated source port.
- Click on OK.
Creating a rule for incoming traffic
- Click on New rule > Single rule.
- Double-click on the number of the new rule to edit it; a new window will open.
- In the General tab, Status field: select On.
- In the Original source tab:
  - Source hosts field: select Internet.
  - Incoming interface field: select out.
- In the Original destination tab:
  - Destination hosts field: select Firewall_out.
  - Destination port field: select https.
- In the Translated destination tab, Translated destination host field: select the object that represents the web server (srv_web_private in our example).
- Click on OK.
Click on Apply to save changes.
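
The effect of the two rules above can be checked with a small model. This is an added example, not code from the product or its documentation: it applies the outgoing and incoming rules to sample packets so you can see what is rewritten and what is left untouched. All IP addresses, the ephemeral_fw port range and the Packet/translate names are assumptions made for the illustration.

```python
import ipaddress
import secrets
from dataclasses import dataclass, replace

# Constructed sample values: the page names these objects but gives no addresses.
NETWORK_IN = ipaddress.ip_network("192.168.1.0/24")    # Network_in (assumed)
FIREWALL_OUT = ipaddress.ip_address("203.0.113.10")    # Firewall_out (assumed)
SRV_WEB_PRIVATE = ipaddress.ip_address("172.16.0.20")  # srv_web_private (assumed)
EPHEMERAL_FW = range(20000, 60000)                     # ephemeral_fw range (assumed)
HTTPS = 443

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    in_if: str = ""   # interface the packet arrived on
    out_if: str = ""  # interface the packet will leave through

def is_internet(addr):
    # "Internet" is modelled as any address that is not one of our own objects.
    return addr not in NETWORK_IN and addr not in (FIREWALL_OUT, SRV_WEB_PRIVATE)

def translate(pkt):
    """Return (name of the matching NAT rule or None, packet after translation)."""
    # Outgoing rule: Network_in -> Internet via "out": rewrite source address and port.
    if pkt.src in NETWORK_IN and is_internet(pkt.dst) and pkt.out_if == "out":
        # A random port from the range keeps translated source ports hard to predict.
        port = EPHEMERAL_FW[secrets.randbelow(len(EPHEMERAL_FW))]
        return "outgoing", replace(pkt, src=FIREWALL_OUT, sport=port)
    # Incoming rule: Internet -> Firewall_out:https on "out": rewrite destination host.
    if (is_internet(pkt.src) and pkt.in_if == "out"
            and pkt.dst == FIREWALL_OUT and pkt.dport == HTTPS):
        return "incoming", replace(pkt, dst=SRV_WEB_PRIVATE)
    # No NAT rule matches: the packet is not translated.
    return None, pkt

if __name__ == "__main__":
    client = ipaddress.ip_address("198.51.100.7")  # constructed Internet host
    lan = ipaddress.ip_address("192.168.1.50")     # constructed host in Network_in
    print(translate(Packet(lan, 51000, client, 443, out_if="out")))
    print(translate(Packet(client, 40000, FIREWALL_OUT, 443, in_if="out")))
    print(translate(Packet(client, 40000, FIREWALL_OUT, 22, in_if="out")))
```

The third sample packet shows that only https addressed to Firewall_out is redirected to the web server; any other destination port matches no NAT rule in this policy.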